Downloads from IE say that they have a virus

05-22-2012, 05:44 PM   #1
Registered Member
 
Join Date: Jun 2009
Location: Iowa
Posts: 108
OS: XP



Good Evening Tech Support Forum,
Been a while since I've been here. Working on my sister-in-law's notebook and it has some issues. First, Vista SP2 would not install. Got it to install after running the Vista SP2 fix from Microsoft. After that, I was able to get all of the updates installed along with SP2. I have run a scan with Malwarebytes and it comes up clean, and MS Security Essentials shows no errors.

The issues are that the system is very slow, can't run anything that is copied to the local HD, and, as I stated in the title, IE shows a virus when anything is downloaded and saved to the local HD.

Here's the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Staci at 19:30:28 on 2012-05-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.2318 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80119
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80119
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe -update activex
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon]
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\community
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{2982D41A-5B0B-49DF-A31D-AE36EEEC6148} : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{674F0FE3-17A4-49C7-8E66-DA1DAD71CCD5} : DhcpNameServer = 192.168.100.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [hpqSRMon]
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files (x86)\HP\QuickPlay\000.fcl [2008-7-28 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-7-28 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-1-3 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-28 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 STTub30;USB Driver for Tube device v3.0.0;C:\Windows\system32\Drivers\STTub30.sys --> C:\Windows\system32\Drivers\STTub30.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCR2PC;VCR2PC Analog Capture;C:\Windows\system32\DRIVERS\0140_ION.sys --> C:\Windows\system32\DRIVERS\0140_ION.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-5-21 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-22 20:55:17 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E692F0F-F9E1-4327-B09D-22885FA12908}\mpengine.dll
2012-05-22 08:42:44 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-22 08:42:03 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-22 08:42:03 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-22 08:42:02 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-22 08:42:02 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-22 08:42:01 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-22 08:42:01 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-22 08:42:01 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-22 08:42:00 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-22 08:42:00 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-22 08:42:00 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-22 08:41:00 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-22 08:40:59 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-22 08:18:29 -------- d-----w- C:\Windows\SysWow64\spool
2012-05-22 08:18:29 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-05-22 08:18:26 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-05-22 05:27:11 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-05-22 05:27:11 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-05-22 05:27:07 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-05-22 05:27:07 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-05-22 05:27:06 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-05-22 05:27:06 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-05-22 05:24:00 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2012-05-22 05:24:00 369664 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2012-05-22 05:21:49 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-05-22 03:22:48 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-05-22 03:22:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-22 03:22:48 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-22 03:22:47 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-22 03:22:47 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-22 03:22:46 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-22 03:22:46 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-22 02:44:43 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-22 02:44:43 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-22 02:44:37 451072 ----a-w- C:\Windows\System32\winsrv.dll
2012-05-22 02:42:55 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-22 02:42:53 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-22 02:42:50 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-22 02:40:59 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-22 02:39:52 316928 ----a-w- C:\Windows\System32\msshsq.dll
2012-05-22 02:39:52 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2012-05-22 02:38:19 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-22 02:14:26 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-05-22 02:14:25 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-22 00:59:28 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-05-22 00:59:28 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-05-22 00:59:28 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-05-22 00:59:27 -------- d-----w- C:\Windows\System32\vi-VN
2012-05-22 00:59:27 -------- d-----w- C:\Windows\System32\eu-ES
2012-05-22 00:59:27 -------- d-----w- C:\Windows\System32\ca-ES
2012-05-22 00:47:50 -------- d-----w- C:\Windows\System32\SPReview
2012-05-22 00:00:25 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2012-05-21 23:59:47 56320 ----a-w- C:\Windows\System32\compcln.exe
2012-05-21 23:59:35 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2012-05-21 23:58:43 946688 ----a-w- C:\Windows\System32\scavenge.dll
2012-05-21 23:56:58 97792 ----a-w- C:\Windows\SysWow64\oleprn.dll
2012-05-21 23:55:59 99328 ----a-w- C:\Windows\System32\samlib.dll
2012-05-21 23:54:59 799744 ----a-w- C:\Windows\SysWow64\certutil.exe
2012-05-21 23:53:59 820224 ----a-w- C:\Windows\System32\user32.dll
2012-05-21 23:52:57 1673216 ----a-w- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
2012-05-21 22:03:40 -------- d-----w- C:\Windows\CheckSur
2012-05-18 21:33:10 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-15 21:58:18 -------- d-----w- C:\Users\Staci\AppData\Local\LogMeIn
2012-05-15 21:58:13 59776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-05-15 21:58:13 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-15 21:58:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-15 21:58:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-15 21:58:12 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2012-05-15 21:58:05 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-15 21:57:59 -------- d-----w- C:\ProgramData\LogMeIn
2012-05-15 21:57:31 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-05-15 21:53:47 -------- d-----w- C:\Users\Staci\AppData\Local\Apps
2012-05-15 21:53:44 -------- d-----w- C:\Users\Staci\AppData\Local\Deployment
2012-05-15 01:10:50 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-05-14 23:02:21 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{146220D7-B8C9-4188-9ED2-FDAD4E3E3B4C}\gapaengine.dll
2012-05-14 22:40:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-14 22:40:10 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-14 22:39:07 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-05-13 17:57:16 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B93288BA-EE97-41BD-B6EB-7FD94C6AB542}\mpengine.dll
2012-05-13 17:42:46 -------- d-----w- C:\Temp
2012-05-13 17:12:49 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-05-13 15:56:38 -------- d-----w- C:\Users\Staci\AppData\Local\Seven Zip
2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2012-05-22 12:46:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-03-24 22:48:56 2231606 ----a-w- C:\ProgramData\Games.exe
2012-03-22 02:38:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-12 02:16:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:31:48.64 ===============

I've also attached the attach.zip log. I didn't run the GMER because this is a 64-bit system.

Thanks in advance for all of your help!!!

Doug
Attached Files
File Type: zip Attach.zip (2.6 KB, 11 views)

__________________
mrmuggyd is offline  
05-28-2012, 02:04 PM   #2

Bump Please

__________________
mrmuggyd is offline  
05-29-2012, 06:04 AM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Hello

I'm not quite understanding this
Quote:
IE shows a virus when anything is downloaded and saved to the local HD.
Can you provide a screenshot of this?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
05-29-2012, 07:39 AM   #4

Ried,
Thanks for the reply. Attached is a screenshot of the problem. I attempted to download the .msi file for MS Security Essentials. When trying to save the file after downloading is where the error occurs.

This occurs when trying to download any file from the Internet. I have flushed the IE cache and removed Temporary Files.

Thanks for the help.

Doug
Attached Thumbnails: Screenshot.jpg
__________________
mrmuggyd is offline  
05-29-2012, 07:15 PM   #5

Thank you. :)

I hope there isn't a file infector onboard. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
__________________
Ried is offline  
05-30-2012, 05:06 AM   #6

Ried,
No threats found.

As a note, if I create something in Notepad and try to save it, it appears to save, but when I go to find it, it's not there. I thought that I included that in my initial post, but looking back, I didn't.
__________________
mrmuggyd is offline  
05-30-2012, 07:18 PM   #7

Thanks. Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Ried is offline  
Old 05-30-2012, 08:07 PM   #8
Ried,
Thanks again for the help. Here's the Combofix log:

ComboFix 12-05-30.04 - Staci 05/30/2012 21:43:47.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1784 [GMT -5:00]
Running from: c:\users\Staci\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\239
c:\programdata\239\{7CB266C6-FA60-403F-AD4C-AFB141FC7B0B}.swf
c:\programdata\Games.exe
c:\programdata\qbpwCab.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\bszip.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 02:58 . 2012-05-31 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 22:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7036BFEA-5C04-4599-9DFE-365F2E03C0F2}\mpengine.dll
2012-05-30 12:07 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 03:17 . 2012-05-30 03:17 -------- d-----w- c:\program files (x86)\ESET
2012-05-22 22:21 . 2012-05-22 22:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-22 21:00 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-22 08:42 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
2012-05-22 08:42 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-22 08:42 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-22 08:42 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-22 08:42 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-22 08:42 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-22 08:42 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-22 08:42 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-22 08:42 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-22 08:42 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-05-22 08:41 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-22 08:40 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-22 08:18 . 2012-05-22 08:18 -------- d-----w- c:\windows\SysWow64\spool
2012-05-22 08:18 . 2012-05-22 08:18 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-05-22 08:18 . 2012-05-22 08:18 -------- d-----w- c:\program files\Windows Portable Devices
2012-05-22 05:27 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-05-22 05:27 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-05-22 05:27 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-05-22 05:27 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-05-22 05:27 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-05-22 05:27 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-05-22 05:24 . 2009-09-25 01:35 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2012-05-22 05:24 . 2009-09-25 01:33 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2012-05-22 05:21 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-05-22 03:22 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-05-22 03:22 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-22 03:22 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-22 03:22 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-05-22 03:22 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-22 03:22 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-22 03:22 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-22 02:44 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-22 02:44 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-22 02:44 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-05-22 02:42 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-22 02:42 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-22 02:42 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2012-05-22 02:40 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-22 02:39 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2012-05-22 02:39 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2012-05-22 02:38 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-22 02:14 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-05-22 02:14 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\system32\ca-ES
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\system32\eu-ES
2012-05-22 00:59 . 2012-05-22 00:59 -------- d-----w- c:\windows\system32\vi-VN
2012-05-22 00:47 . 2012-05-22 00:47 -------- d-----w- c:\windows\system32\SPReview
2012-05-22 00:00 . 2009-04-11 05:07 3584 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2012-05-21 23:59 . 2009-04-11 05:10 56320 ----a-w- c:\windows\system32\compcln.exe
2012-05-21 23:59 . 2009-04-11 05:05 7680 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2012-05-21 23:58 . 2009-04-11 05:11 946688 ----a-w- c:\windows\system32\scavenge.dll
2012-05-21 23:56 . 2009-04-11 05:11 16818176 ----a-w- c:\program files\Movie Maker\OmdBase.dll
2012-05-21 23:55 . 2009-04-11 05:11 99328 ----a-w- c:\windows\system32\samlib.dll
2012-05-21 23:54 . 2009-04-11 05:11 1676800 ----a-w- c:\windows\system32\chsbrkr.dll
2012-05-21 23:53 . 2009-04-11 05:11 820224 ----a-w- c:\windows\system32\user32.dll
2012-05-21 23:52 . 2009-04-11 05:11 1673216 ----a-w- c:\windows\system32\WindowsAnytimeUpgradeCPL.dll
2012-05-21 22:03 . 2012-05-21 22:03 -------- d-----w- c:\windows\CheckSur
2012-05-18 21:33 . 2012-05-18 21:33 -------- d-----w- c:\windows\system32\EventProviders
2012-05-15 21:58 . 2012-05-15 21:58 -------- d-----w- c:\users\Staci\AppData\Local\LogMeIn
2012-05-15 21:58 . 2012-05-22 03:09 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-05-15 21:58 . 2012-05-22 03:09 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-15 21:58 . 2012-05-22 03:09 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-15 21:58 . 2011-09-16 19:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-05-15 21:58 . 2012-05-22 03:09 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-15 21:57 . 2012-05-30 17:54 -------- d-----w- c:\programdata\LogMeIn
2012-05-15 21:57 . 2012-05-22 03:12 -------- d-----w- c:\program files (x86)\LogMeIn
2012-05-15 21:53 . 2012-05-15 21:53 -------- d-----w- c:\users\Staci\AppData\Local\Apps
2012-05-15 21:53 . 2012-05-15 21:56 -------- d-----w- c:\users\Staci\AppData\Local\Deployment
2012-05-15 01:10 . 2012-05-15 01:10 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-14 23:02 . 2012-05-14 23:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{146220D7-B8C9-4188-9ED2-FDAD4E3E3B4C}\gapaengine.dll
2012-05-14 22:40 . 2012-05-14 22:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-14 22:40 . 2012-05-14 22:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-14 22:39 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-13 17:57 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B93288BA-EE97-41BD-B6EB-7FD94C6AB542}\mpengine.dll
2012-05-13 17:42 . 2012-05-22 22:24 -------- d-----w- C:\Temp
2012-05-13 17:12 . 2012-05-13 17:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-13 15:56 . 2012-05-13 15:56 -------- d-----w- c:\users\Staci\AppData\Local\Seven Zip
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-01-09 04:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 02:38 . 2011-07-03 16:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-12 02:16 . 2010-05-22 15:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-06-26 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:56]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:56]
.
2009-11-02 c:\windows\Tasks\HPCeeScheduleForStaci.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-28 03:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\community
TCP: DhcpNameServer = 192.168.100.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-05-30 22:04:31
ComboFix-quarantined-files.txt 2012-05-31 03:04
.
Pre-Run: 67,255,922,688 bytes free
Post-Run: 67,012,030,464 bytes free
.
- - End Of File - - 5F5C9D76C92158F5E62FA876FFA923E1
__________________
mrmuggyd is offline  
Old 05-30-2012, 08:25 PM   #9
You're welcome. :) Any improvement?
__________________
Ried is offline  
Old 05-30-2012, 08:41 PM   #10
Ried,
I'm able to save files to the PC now, but I tried downloading the Security Essentials install .msi file and got the same "virus found" message that I posted before.
__________________
mrmuggyd is offline  
Old 05-30-2012, 08:43 PM   #11
That's so very strange and I've never seen that before (and I've been around a long time).

Does that happen with any other file you try to download?
__________________
Ried is offline  
Old 05-30-2012, 08:59 PM   #12
Ried,
I just opened a .pdf and was able to save it to my desktop. I attempted to download the attach.zip file that I uploaded earlier and received the virus message again.
__________________
mrmuggyd is offline  
Old 05-30-2012, 09:16 PM   #13
Ried,
Sorry to double-post. I rebooted the system and still have the issue. IE is a little faster but still slow in launching. I'm also attaching an error that I'm seeing. Not sure if it's something my sister-in-law did or what.

Doug
Attached Thumbnails: Screenshot.jpg
__________________
mrmuggyd is offline  
Old 05-30-2012, 09:20 PM   #14
I'm seeing AVG Security Toolbar remnants as well as AVG still being associated with the Handler, which may be causing the conflict.

Go to AVG's site --> AVG Download tools and utilities and download the AVG uninstaller for a 64-bit machine.

Run it and reboot, then try to download something again. If still getting that message, please run dds.scr again and post the dds.txt

========================

Edit - just saw your last post. Go ahead and allow it to empty Recycle Bin
__________________
Ried is offline  
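Added example, not part of the original thread and not code from DDS or ComboFix: a Python sketch of the log check described in post #14, flagging browser-extension entries that point at no file or name a security vendor that is not a registered AV/SP product. The sample lines are copied from the ComboFix and DDS logs posted in this thread; the function names and the vendor keyword list are assumptions made for illustration.

```python
import re

# Lines copied from the ComboFix and DDS logs posted in this thread.
SAMPLE_LOG = r"""
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
"""

# Assumption: a short, hypothetical keyword list; extend it for real triage.
KNOWN_AV_VENDORS = ("avg", "avast", "norton", "mcafee")

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Browser-extension style entries as they appear in DDS / ComboFix output.
ENTRY_RE = re.compile(r"^(?P<kind>[mu]?URLSearchHooks|Handler|BHO|TB|EB):\s*(?P<body>.*)$")
# Security products the OS reports, e.g. "AV: <name> *Enabled/Updated* {GUID}".
PRODUCT_RE = re.compile(r"^(?:AV|SP|FW):\s*(?P<name>.+?)\s*\*")
NO_FILE_RE = re.compile(r"\(?no file\)?", re.IGNORECASE)


def registered_products(log_text):
    """Return the lower-cased names of products listed on AV:/SP:/FW: lines."""
    names = set()
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            names.add(m.group("name").lower())
    return names


def parse_entry(line):
    """Split an extension entry into kind, display name, GUID and target path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    g = GUID_RE.search(body)
    if not g:
        return None
    return {
        "kind": m.group("kind"),
        "name": body[:g.start()].strip(" :-"),
        "guid": g.group(0).upper(),
        "target": body[g.end():].strip(' -"'),
    }


def find_remnants(log_text, vendors=KNOWN_AV_VENDORS):
    """Flag entries with no backing file or naming an unregistered AV vendor."""
    installed = registered_products(log_text)
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["target"] == "" or NO_FILE_RE.fullmatch(entry["target"]):
            reasons.append("no-target-file")
        text = entry["name"] + " " + entry["target"]
        for vendor in vendors:
            named = re.search(r"\b" + re.escape(vendor), text, re.IGNORECASE)
            if named and not any(vendor in name for name in installed):
                reasons.append("vendor-not-registered:" + vendor)
        if reasons:
            findings.append((entry["kind"], entry["guid"], reasons))
    return findings


if __name__ == "__main__":
    for kind, guid, reasons in find_remnants(SAMPLE_LOG):
        print(f"{kind:16} {guid}  {', '.join(reasons)}")
```

Each finding is a lead for manual review of the matching registry entry, not proof that the entry causes the download error.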
Old 05-31-2012, 03:00 PM   #15
Ried,
Still getting the message downloading things. Here's the DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Staci at 16:55:29 on 2012-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.2236 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\community
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{2982D41A-5B0B-49DF-A31D-AE36EEEC6148} : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{674F0FE3-17A4-49C7-8E66-DA1DAD71CCD5} : DhcpNameServer = 192.168.100.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files (x86)\HP\QuickPlay\000.fcl [2008-7-28 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-7-28 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-1-3 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-28 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 STTub30;USB Driver for Tube device v3.0.0;C:\Windows\system32\Drivers\STTub30.sys --> C:\Windows\system32\Drivers\STTub30.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCR2PC;VCR2PC Analog Capture;C:\Windows\system32\DRIVERS\0140_ION.sys --> C:\Windows\system32\DRIVERS\0140_ION.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-5-21 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-31 03:34:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-31 03:09:22 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04823F02-6D37-4CC1-9DD7-141A7DA73D52}\mpengine.dll
2012-05-31 02:40:43 98816 ----a-w- C:\Windows\sed.exe
2012-05-31 02:40:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-31 02:40:43 256000 ----a-w- C:\Windows\PEV.exe
2012-05-31 02:40:43 208896 ----a-w- C:\Windows\MBR.exe
2012-05-30 12:07:04 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 03:17:51 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-22 08:42:03 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-22 08:42:03 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-22 08:42:02 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-22 08:42:02 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-22 08:42:01 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-22 08:42:01 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-22 08:42:01 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-22 08:42:00 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-22 08:42:00 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-22 08:42:00 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-22 08:41:00 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-22 08:40:59 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-22 08:18:29 -------- d-----w- C:\Windows\SysWow64\spool
2012-05-22 08:18:29 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-05-22 08:18:26 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-05-22 05:27:11 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-05-22 05:27:11 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-05-22 05:27:07 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-05-22 05:27:07 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-05-22 05:27:06 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-05-22 05:27:06 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-05-22 05:24:00 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2012-05-22 05:24:00 369664 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2012-05-22 05:21:49 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-05-22 03:22:48 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-05-22 03:22:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-22 03:22:48 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-22 03:22:47 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-22 03:22:47 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-22 03:22:46 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-22 03:22:46 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-22 02:44:43 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-22 02:44:43 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-22 02:44:37 451072 ----a-w- C:\Windows\System32\winsrv.dll
2012-05-22 02:42:55 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-22 02:42:53 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-22 02:42:50 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-22 02:40:59 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-22 02:39:52 316928 ----a-w- C:\Windows\System32\msshsq.dll
2012-05-22 02:39:52 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2012-05-22 02:38:19 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-22 02:14:26 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-05-22 02:14:25 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-22 00:59:28 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-05-22 00:59:28 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-05-22 00:59:28 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-05-22 00:59:27 -------- d-----w- C:\Windows\System32\vi-VN
2012-05-22 00:59:27 -------- d-----w- C:\Windows\System32\eu-ES
2012-05-22 00:59:27 -------- d-----w- C:\Windows\System32\ca-ES
2012-05-22 00:47:50 -------- d-----w- C:\Windows\System32\SPReview
2012-05-22 00:00:25 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2012-05-21 23:59:47 56320 ----a-w- C:\Windows\System32\compcln.exe
2012-05-21 23:59:35 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2012-05-21 23:58:43 946688 ----a-w- C:\Windows\System32\scavenge.dll
2012-05-21 23:56:58 97792 ----a-w- C:\Windows\SysWow64\oleprn.dll
2012-05-21 23:55:59 99328 ----a-w- C:\Windows\System32\samlib.dll
2012-05-21 23:54:59 799744 ----a-w- C:\Windows\SysWow64\certutil.exe
2012-05-21 23:53:59 820224 ----a-w- C:\Windows\System32\user32.dll
2012-05-21 23:52:57 1673216 ----a-w- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
2012-05-21 22:03:40 -------- d-----w- C:\Windows\CheckSur
2012-05-18 21:33:10 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-15 21:58:18 -------- d-----w- C:\Users\Staci\AppData\Local\LogMeIn
2012-05-15 21:58:13 59776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-05-15 21:58:13 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-15 21:58:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-15 21:58:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-15 21:58:12 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2012-05-15 21:58:05 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-15 21:57:59 -------- d-----w- C:\ProgramData\LogMeIn
2012-05-15 21:57:31 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-05-15 21:53:47 -------- d-----w- C:\Users\Staci\AppData\Local\Apps
2012-05-15 21:53:44 -------- d-----w- C:\Users\Staci\AppData\Local\Deployment
2012-05-15 01:10:50 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-05-14 23:02:21 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{146220D7-B8C9-4188-9ED2-FDAD4E3E3B4C}\gapaengine.dll
2012-05-14 22:40:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-14 22:40:10 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-14 22:39:07 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-05-13 17:57:16 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B93288BA-EE97-41BD-B6EB-7FD94C6AB542}\mpengine.dll
2012-05-13 17:42:46 -------- d-----w- C:\Temp
2012-05-13 15:56:38 -------- d-----w- C:\Users\Staci\AppData\Local\Seven Zip
2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2012-05-22 12:46:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-03-22 02:38:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-12 02:16:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 16:56:50.47 ===============

Note: IE does appear to launch and run faster. Still have slow boot times.

Doug
Old 05-31-2012, 08:02 PM   #16
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Open notepad and copy/paste the text in the code box below into it:

Quote:
DDS::
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Folder::
C:\Program Files (x86)\AVG

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

How about now? Still having trouble with downloading?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-31-2012, 09:05 PM   #17
Registered Member
 
Join Date: Jun 2009
Location: Iowa
Posts: 108
OS: XP



Ried,
GOOD NEWS!!!! I'm able to download now and save files. It doesn't get deleted by the AV. I'm attaching the new log from the Combofix run.

As a note, I will be heading out of town until Sunday. I will check back in Sunday night for any new posts.

Here's the log:

ComboFix 12-05-30.04 - Staci 05/31/2012 22:33:13.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.2398 [GMT -5:00]
Running from: c:\users\Staci\Desktop\ComboFix.exe
Command switches used :: c:\users\Staci\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\ace.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\arabica.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\boost.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\bsdiff.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\bzip.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\carp.html
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\cryptopp.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\curl.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\dazukofs.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\expat.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\imagemagick.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\infozip.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\lua.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\md4_md5_license.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\milter.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\minizip.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\openssl_license.html
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\sasl.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\tinyxml.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\unrar.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\untar.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\xalan_xerces.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\zlib.txt
c:\program files (x86)\AVG\AVG10\3rd_party\readme.txt
c:\program files (x86)\AVG\AVG10\avg.snu
c:\program files (x86)\AVG\AVG10\avg_us.chm
c:\program files (x86)\AVG\AVG10\avg_us.lng
c:\program files (x86)\AVG\AVG10\avgabout.dll
c:\program files (x86)\AVG\AVG10\avgamnot.dll
c:\program files (x86)\AVG\AVG10\avgapia.dll
c:\program files (x86)\AVG\AVG10\avgapix.dll
c:\program files (x86)\AVG\AVG10\avgar_us.chm
c:\program files (x86)\AVG\AVG10\avgatend.stp
c:\program files (x86)\AVG\AVG10\avgatupd.stp
c:\program files (x86)\AVG\AVG10\avgcclia.dll
c:\program files (x86)\AVG\AVG10\avgcclix.dll
c:\program files (x86)\AVG\AVG10\avgcerta.dll
c:\program files (x86)\AVG\AVG10\avgcertx.dll
c:\program files (x86)\AVG\AVG10\avgcfga.dll
c:\program files (x86)\AVG\AVG10\avgcfgex.exe
c:\program files (x86)\AVG\AVG10\avgcfgx.dll
c:\program files (x86)\AVG\AVG10\avgchcla.dll
c:\program files (x86)\AVG\AVG10\avgchclx.dll
c:\program files (x86)\AVG\AVG10\avgchjwa.dll
c:\program files (x86)\AVG\AVG10\avgchsva.exe
c:\program files (x86)\AVG\AVG10\avgclita.dll
c:\program files (x86)\AVG\AVG10\avgclitx.dll
c:\program files (x86)\AVG\AVG10\avgcmgr.exe
c:\program files (x86)\AVG\AVG10\avgcorea.dll.bak
c:\program files (x86)\AVG\AVG10\avgcorex.dll.bak
c:\program files (x86)\AVG\AVG10\avgcrema.exe.bak
c:\program files (x86)\AVG\AVG10\avgcsla.dll
c:\program files (x86)\AVG\AVG10\avgcslx.dll
c:\program files (x86)\AVG\AVG10\avgcsrva.exe
c:\program files (x86)\AVG\AVG10\avgcsrvx.exe
c:\program files (x86)\AVG\AVG10\avgdg_us.chm
c:\program files (x86)\AVG\AVG10\avgdiagex.exe
c:\program files (x86)\AVG\AVG10\avgdumpa.exe
c:\program files (x86)\AVG\AVG10\avgdumpx.exe
c:\program files (x86)\AVG\AVG10\avgemca.exe
c:\program files (x86)\AVG\AVG10\avgf_us.chm
c:\program files (x86)\AVG\AVG10\avgfree_us.mht
c:\program files (x86)\AVG\AVG10\avgidp_us.chm
c:\program files (x86)\AVG\AVG10\avgidpsdkx.dll
c:\program files (x86)\AVG\AVG10\avglnga.dll
c:\program files (x86)\AVG\AVG10\avglngx.dll
c:\program files (x86)\AVG\AVG10\avgloga.dll
c:\program files (x86)\AVG\AVG10\avglogx.dll
c:\program files (x86)\AVG\AVG10\avgls_us.chm
c:\program files (x86)\AVG\AVG10\avglscanx.exe
c:\program files (x86)\AVG\AVG10\avgmfapx.exe
c:\program files (x86)\AVG\AVG10\avgmfarx.dll
c:\program files (x86)\AVG\AVG10\avgmtrapx.dll
c:\program files (x86)\AVG\AVG10\avgmvfla.dll
c:\program files (x86)\AVG\AVG10\avgmvflx.dll
c:\program files (x86)\AVG\AVG10\avgmwdef_us.mht
c:\program files (x86)\AVG\AVG10\avgnsa.exe
c:\program files (x86)\AVG\AVG10\avgntdumpa.exe
c:\program files (x86)\AVG\AVG10\avgntdumpx.exe
c:\program files (x86)\AVG\AVG10\avgoff2ka.dll
c:\program files (x86)\AVG\AVG10\avgoff2kx.dll
c:\program files (x86)\AVG\AVG10\avgpostinstx.dll
c:\program files (x86)\AVG\AVG10\avgpp.dll
c:\program files (x86)\AVG\AVG10\avgppa.dll
c:\program files (x86)\AVG\AVG10\avgresf.dll
c:\program files (x86)\AVG\AVG10\avgrkta.dll
c:\program files (x86)\AVG\AVG10\avgrsa.exe
c:\program files (x86)\AVG\AVG10\avgsals_us.mht
c:\program files (x86)\AVG\AVG10\avgsbfree_us.mht
c:\program files (x86)\AVG\AVG10\avgsbga.dll
c:\program files (x86)\AVG\AVG10\avgscana.dll
c:\program files (x86)\AVG\AVG10\avgscana.exe
c:\program files (x86)\AVG\AVG10\avgscanx.dll
c:\program files (x86)\AVG\AVG10\avgscanx.exe
c:\program files (x86)\AVG\AVG10\avgsched.dll
c:\program files (x86)\AVG\AVG10\avgsrma.dll
c:\program files (x86)\AVG\AVG10\avgsrmaa.exe
c:\program files (x86)\AVG\AVG10\avgsrmax.exe
c:\program files (x86)\AVG\AVG10\avgsrmx.dll
c:\program files (x86)\AVG\AVG10\avgssie.dll
c:\program files (x86)\AVG\AVG10\avgssiea.dll
c:\program files (x86)\AVG\AVG10\avgtbapi.dll
c:\program files (x86)\AVG\AVG10\avgtray.exe
c:\program files (x86)\AVG\AVG10\avgtrial_us.mht
c:\program files (x86)\AVG\AVG10\avgui.exe
c:\program files (x86)\AVG\AVG10\avguiadv.dll
c:\program files (x86)\AVG\AVG10\avguires.dll
c:\program files (x86)\AVG\AVG10\avgupd.sig
c:\program files (x86)\AVG\AVG10\avgupdx.dll
c:\program files (x86)\AVG\AVG10\avgvva.dll
c:\program files (x86)\AVG\AVG10\avgvvx.dll
c:\program files (x86)\AVG\AVG10\avgwd.dll
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\AVG\AVG10\avgwdwsc.dll
c:\program files (x86)\AVG\AVG10\avgwebui.dll
c:\program files (x86)\AVG\AVG10\avgwsc.exe
c:\program files (x86)\AVG\AVG10\avgxpl.dll
c:\program files (x86)\AVG\AVG10\avgxpla.dll
c:\program files (x86)\AVG\AVG10\axioo.dll
c:\program files (x86)\AVG\AVG10\cf.dat
c:\program files (x86)\AVG\AVG10\Chrome\safesearch.crx
c:\program files (x86)\AVG\AVG10\compat.ini
c:\program files (x86)\AVG\AVG10\contacts_us.html
c:\program files (x86)\AVG\AVG10\dfncfg.dat
c:\program files (x86)\AVG\AVG10\Drivers\avgld.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgld.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgldx64.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgldx86.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgmf.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgmf.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgmfx64.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgmfx86.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgrk.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgrk.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgrkx64.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgrkx86.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgtdi.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgtdi.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgtdia.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgtdix.sys
c:\program files (x86)\AVG\AVG10\Drivers\ErHrVx64\AVGIDSEH.cat
c:\program files (x86)\AVG\AVG10\Drivers\ErHrVx64\AVGIDSEH.inf
c:\program files (x86)\AVG\AVG10\Drivers\ErHrVx64\AVGIDSEH.sys
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSDriver.cat
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSDriver.inf
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSFilter.cat
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSFilter.inf
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSFilter.sys
c:\program files (x86)\AVG\AVG10\Firefox\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG10\Firefox4\chrome.manifest
c:\program files (x86)\AVG\AVG10\Firefox4\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG10\Firefox4\Components\avgssff4.dll
c:\program files (x86)\AVG\AVG10\Firefox4\Components\avgssff5.dll
c:\program files (x86)\AVG\AVG10\Firefox4\Components\ISearchShield4.xpt
c:\program files (x86)\AVG\AVG10\Firefox4\install.rdf
c:\program files (x86)\AVG\AVG10\fixcfg.exe
c:\program files (x86)\AVG\AVG10\HtmLayout.dll
c:\program files (x86)\AVG\AVG10\Icons\alert_mask.png
c:\program files (x86)\AVG\AVG10\Icons\background_middle_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_green.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_red.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_green.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_red.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\block-doc.gif
c:\program files (x86)\AVG\AVG10\Icons\blocked.gif
c:\program files (x86)\AVG\AVG10\Icons\blocked12.png
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_green.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_red.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_green.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_red.gif
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoProtectionLimited.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoRSS.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoRSSBlue.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoRSSGray.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoRSSGreen.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_D.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_Q.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_R.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_S.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_U.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_W.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoTrash.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBAccess.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBCalc.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBExcel.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBExplorer.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBMediaPlayer.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBNotepad.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBOutlook.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBOutlookExpress.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBPaint.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBPowerPoint.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBSkype.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUBWord.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoUpdate.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoWeather.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\logo.ico
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\logo.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\overlay.css
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\rssreader_!icoRead.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\rssreader_!icoUnread.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\Search_provider_drop.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\searchProvider.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\settings_icon.ico
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\slider.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spImages.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spLocal.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spSearch.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spShopping.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spVideo.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spWiki.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spYahooBG.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\spYahooBG_small.png
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin\toolbarprotector_icon.ico
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\autocomplete.js
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\avgapi.js
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\facebook.js
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils.xpt
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\notifications.js
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\sp.js
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\xpavgdatabaseversion.xpt
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\xpavgprogramversion.xpt
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\xpavgsearchratingsconfig.xpt
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\xpavgtbapi.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\xpavgtbapi.xpt
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components\xpavgverdicts.xpt
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\install.rdf
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\xpfunc.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\Firefox\sp.xml
c:\program files (x86)\AVG\AVG10\Toolbar.old\IE8Lib.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\IEToolbar.dll
c:\program files (x86)\AVG\AVG10\Toolbar.old\ToolbarBroker.exe
c:\program files (x86)\AVG\AVG10\updatecomps.bak
c:\program files (x86)\AVG\AVG8\fakefile.txt
c:\program files (x86)\AVG\AVG8\upgrader.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 03:50 . 2012-06-01 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 03:09 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04823F02-6D37-4CC1-9DD7-141A7DA73D52}\mpengine.dll
2012-05-30 12:07 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 03:17 . 2012-05-30 03:17 -------- d-----w- c:\program files (x86)\ESET
2012-05-22 22:21 . 2012-05-22 22:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-22 08:42 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
2012-05-22 08:42 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-22 08:42 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-22 08:42 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-22 08:42 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-22 08:42 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-22 08:42 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-22 08:42 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-22 08:42 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-22 08:42 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-05-22 08:41 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-22 08:40 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-22 08:18 . 2012-05-22 08:18 -------- d-----w- c:\windows\SysWow64\spool
2012-05-22 08:18 . 2012-05-22 08:18 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-05-22 08:18 . 2012-05-22 08:18 -------- d-----w- c:\program files\Windows Portable Devices
2012-05-22 05:27 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-05-22 05:27 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-05-22 05:27 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-05-22 05:27 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-05-22 05:27 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-05-22 05:27 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-05-22 05:24 . 2009-09-25 01:35 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2012-05-22 05:24 . 2009-09-25 01:33 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2012-05-22 05:21 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-05-22 03:22 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-05-22 03:22 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-22 03:22 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-22 03:22 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-05-22 03:22 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-22 03:22 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-22 03:22 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-22 02:44 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-22 02:44 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-22 02:44 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-05-22 02:42 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-22 02:42 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-22 02:42 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2012-05-22 02:40 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-22 02:39 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2012-05-22 02:39 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2012-05-22 02:38 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-22 02:14 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-05-22 02:14 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\system32\ca-ES
2012-05-22 00:59 . 2012-05-22 01:00 -------- d-----w- c:\windows\system32\eu-ES
2012-05-22 00:59 . 2012-05-22 00:59 -------- d-----w- c:\windows\system32\vi-VN
2012-05-22 00:47 . 2012-05-22 00:47 -------- d-----w- c:\windows\system32\SPReview
2012-05-22 00:00 . 2009-04-11 05:07 3584 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2012-05-21 23:59 . 2009-04-11 05:10 56320 ----a-w- c:\windows\system32\compcln.exe
2012-05-21 23:59 . 2009-04-11 05:05 7680 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2012-05-21 23:58 . 2009-04-11 05:11 946688 ----a-w- c:\windows\system32\scavenge.dll
2012-05-21 23:56 . 2009-04-11 05:11 16818176 ----a-w- c:\program files\Movie Maker\OmdBase.dll
2012-05-21 23:55 . 2009-04-11 05:11 99328 ----a-w- c:\windows\system32\samlib.dll
2012-05-21 23:54 . 2009-04-11 05:11 1676800 ----a-w- c:\windows\system32\chsbrkr.dll
2012-05-21 23:53 . 2009-04-11 05:11 820224 ----a-w- c:\windows\system32\user32.dll
2012-05-21 23:52 . 2009-04-11 05:11 1673216 ----a-w- c:\windows\system32\WindowsAnytimeUpgradeCPL.dll
2012-05-21 22:03 . 2012-05-21 22:03 -------- d-----w- c:\windows\CheckSur
2012-05-18 21:33 . 2012-05-18 21:33 -------- d-----w- c:\windows\system32\EventProviders
2012-05-15 21:58 . 2012-05-15 21:58 -------- d-----w- c:\users\Staci\AppData\Local\LogMeIn
2012-05-15 21:58 . 2012-05-22 03:09 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-05-15 21:58 . 2012-05-22 03:09 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-15 21:58 . 2012-05-22 03:09 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-15 21:58 . 2011-09-16 19:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-05-15 21:58 . 2012-05-22 03:09 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-15 21:57 . 2012-05-31 13:17 -------- d-----w- c:\programdata\LogMeIn
2012-05-15 21:57 . 2012-05-22 03:12 -------- d-----w- c:\program files (x86)\LogMeIn
2012-05-15 21:53 . 2012-05-15 21:53 -------- d-----w- c:\users\Staci\AppData\Local\Apps
2012-05-15 21:53 . 2012-05-15 21:56 -------- d-----w- c:\users\Staci\AppData\Local\Deployment
2012-05-15 01:10 . 2012-05-15 01:10 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-14 23:02 . 2012-05-14 23:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{146220D7-B8C9-4188-9ED2-FDAD4E3E3B4C}\gapaengine.dll
2012-05-14 22:40 . 2012-05-14 22:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-14 22:40 . 2012-05-14 22:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-14 22:39 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-13 17:57 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B93288BA-EE97-41BD-B6EB-7FD94C6AB542}\mpengine.dll
2012-05-13 17:42 . 2012-05-22 22:24 -------- d-----w- C:\Temp
2012-05-13 15:56 . 2012-05-13 15:56 -------- d-----w- c:\users\Staci\AppData\Local\Seven Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-04-04 20:56 . 2011-01-09 04:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 02:38 . 2011-07-03 16:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-12 02:16 . 2010-05-22 15:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-31_02.59.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-05-31 10:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-24 10:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-24 10:12 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-05-31 10:32 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-05-24 10:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-05-31 10:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-05-31 21:50 70616 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-03 19:47 . 2012-05-31 21:50 18816 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847604405-247037848-1984472528-1000_UserData.bin
+ 2008-11-18 23:23 . 2012-05-31 21:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-18 23:23 . 2012-05-22 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-18 23:23 . 2012-05-22 22:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-18 23:23 . 2012-05-31 21:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-18 23:23 . 2012-05-31 21:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-18 23:23 . 2012-05-22 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-31 21:48 . 2012-05-31 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-22 22:00 . 2012-05-22 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-31 21:48 . 2012-05-31 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-22 22:00 . 2012-05-22 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2012-05-31 21:50 105160 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-05-31 02:41 688954 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-05-31 21:56 688954 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-05-31 21:56 138646 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-05-31 02:41 138646 c:\windows\system32\perfc009.dat
- 2012-05-22 20:34 . 2012-05-22 21:59 389160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-22 20:34 . 2012-05-31 21:47 389160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-31 04:02 . 2012-05-31 04:02 578984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3847604405-247037848-1984472528-1000-8192.dat
+ 2012-05-31 04:02 . 2012-05-31 04:02 389928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3847604405-247037848-1984472528-1000-12288.dat
+ 2012-05-31 04:02 . 2012-05-31 21:47 3112052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3847604405-247037848-1984472528-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-06-26 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:56]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:56]
.
2009-11-02 c:\windows\Tasks\HPCeeScheduleForStaci.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-28 03:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\community
TCP: DhcpNameServer = 192.168.100.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-05-31 22:56:24
ComboFix-quarantined-files.txt 2012-06-01 03:56
ComboFix2.txt 2012-05-31 03:04
.
Pre-Run: 65,875,566,592 bytes free
Post-Run: 65,832,800,256 bytes free
.
- - End Of File - - 088CF3B0DD36E12FDC37DD08BDA28887
__________________
mrmuggyd is offline  
Old 05-31-2012, 09:19 PM   #18
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Amazing that AVG caused all that, isn't it?

The logs are clean, but I'll leave this open until you get back from out of town. Surf the net, try more downloads and let me know if all is still well.

Have a safe trip.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-02-2012, 06:54 PM   #19
Registered Member
 
Join Date: Jun 2009
Location: Iowa
Posts: 108
OS: XP



Ried,
Good evening. I got back in town early and decided to check out the notebook. I don't appear to have any more issues. I'm able to download different items and IE is definitely faster. I don't see any of the issues that we were having earlier in the week.

So thank you for all of your help. Your team should be commended on all of the great work that you do!!!!!

Doug
__________________
mrmuggyd is offline  
Old 06-02-2012, 08:12 PM   #20
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Welcome back. :)

That's great to hear, and thanks for the kind words.

Best wishes to you.

__________________
Ried is offline  
 
