Hi Truenorth, thanks for your time and help. Much appreciated. Here is the SB log file
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-04-04 Includes\Adware.sbi
2012-09-03 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-11-29 Includes\DialerC.sbi
2012-01-31 Includes\HeavyDuty.sbi
2012-06-19 Includes\Hijackers.sbi
2012-07-31 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2012-03-13 Includes\Keyloggers.sbi
2012-03-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2012-08-28 Includes\Malware.sbi
2012-09-04 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2012-08-21 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2012-06-19 Includes\Security.sbi
2011-12-13 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2012-09-05 Includes\Spyware.sbi
2012-09-04 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi
2012-09-04 Includes\TrojansC-02.sbi
2012-08-30 Includes\TrojansC-03.sbi
2012-08-28 Includes\TrojansC-04.sbi
2012-08-31 Includes\TrojansC-05.sbi
2012-08-27 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2604042)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2656378)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB953295)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB979904)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2656353)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2656370)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Security Update for Windows Media Player (KB2378111)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB975558)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2360131)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2416400)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2482017)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2497640)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2530548)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2544521)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2559049)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2586448)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2618444)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2647516)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2675157)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2699988)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2722913)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB982381)
/ Windows XP / SP10: Security Update for Microsoft Windows (KB2564958)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB2079403)
/ Windows XP / SP4: Security Update for Windows XP (KB2115168)
/ Windows XP / SP4: Security Update for Windows XP (KB2121546)
/ Windows XP / SP4: Update for Windows XP (KB2141007)
/ Windows XP / SP4: Hotfix for Windows XP (KB2158563)
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB2259922)
/ Windows XP / SP4: Security Update for Windows XP (KB2279986)
/ Windows XP / SP4: Security Update for Windows XP (KB2286198)
/ Windows XP / SP4: Security Update for Windows XP (KB2296011)
/ Windows XP / SP4: Security Update for Windows XP (KB2296199)
/ Windows XP / SP4: Update for Windows XP (KB2345886)
/ Windows XP / SP4: Security Update for Windows XP (KB2347290)
/ Windows XP / SP4: Security Update for Windows XP (KB2360937)
/ Windows XP / SP4: Security Update for Windows XP (KB2387149)
/ Windows XP / SP4: Security Update for Windows XP (KB2393802)
/ Windows XP / SP4: Security Update for Windows XP (KB2412687)
/ Windows XP / SP4: Security Update for Windows XP (KB2419632)
/ Windows XP / SP4: Security Update for Windows XP (KB2423089)
/ Windows XP / SP4: Security Update for Windows XP (KB2436673)
/ Windows XP / SP4: Security Update for Windows XP (KB2440591)
/ Windows XP / SP4: Security Update for Windows XP (KB2443105)
/ Windows XP / SP4: Hotfix for Windows XP (KB2443685)
/ Windows XP / SP4: Update for Windows XP (KB2467659)
/ Windows XP / SP4: Security Update for Windows XP (KB2476490)
/ Windows XP / SP4: Security Update for Windows XP (KB2476687)
/ Windows XP / SP4: Security Update for Windows XP (KB2478960)
/ Windows XP / SP4: Security Update for Windows XP (KB2478971)
/ Windows XP / SP4: Security Update for Windows XP (KB2479628)
/ Windows XP / SP4: Security Update for Windows XP (KB2481109)
/ Windows XP / SP4: Security Update for Windows XP (KB2483185)
/ Windows XP / SP4: Security Update for Windows XP (KB2485376)
/ Windows XP / SP4: Security Update for Windows XP (KB2485663)
/ Windows XP / SP4: Security Update for Windows XP (KB2491683)
/ Windows XP / SP4: Security Update for Windows XP (KB2503658)
/ Windows XP / SP4: Security Update for Windows XP (KB2503665)
/ Windows XP / SP4: Security Update for Windows XP (KB2506212)
/ Windows XP / SP4: Security Update for Windows XP (KB2506223)
/ Windows XP / SP4: Security Update for Windows XP (KB2507618)
/ Windows XP / SP4: Security Update for Windows XP (KB2507938)
/ Windows XP / SP4: Security Update for Windows XP (KB2508272)
/ Windows XP / SP4: Security Update for Windows XP (KB2508429)
/ Windows XP / SP4: Security Update for Windows XP (KB2509553)
/ Windows XP / SP4: Security Update for Windows XP (KB2510581)
/ Windows XP / SP4: Security Update for Windows XP (KB2511455)
/ Windows XP / SP4: Security Update for Windows XP (KB2524375)
/ Windows XP / SP4: Security Update for Windows XP (KB2535512)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276-v2)
/ Windows XP / SP4: Update for Windows XP (KB2541763)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB2555917)
/ Windows XP / SP4: Security Update for Windows XP (KB2562937)
/ Windows XP / SP4: Security Update for Windows XP (KB2566454)
/ Windows XP / SP4: Security Update for Windows XP (KB2567053)
/ Windows XP / SP4: Security Update for Windows XP (KB2567680)
/ Windows XP / SP4: Security Update for Windows XP (KB2570222)
/ Windows XP / SP4: Hotfix for Windows XP (KB2570791)
/ Windows XP / SP4: Security Update for Windows XP (KB2570947)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ Windows XP / SP4: Security Update for Windows XP (KB2584146)
/ Windows XP / SP4: Security Update for Windows XP (KB2585542)
/ Windows XP / SP4: Security Update for Windows XP (KB2592799)
/ Windows XP / SP4: Security Update for Windows XP (KB2598479)
/ Windows XP / SP4: Security Update for Windows XP (KB2603381)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2604042)
/ Windows XP / SP4: Update for Windows XP (KB2607712)
/ Windows XP / SP4: Update for Windows XP (KB2616676)
/ Windows XP / SP4: Security Update for Windows XP (KB2618451)
/ Windows XP / SP4: Security Update for Windows XP (KB2620712)
/ Windows XP / SP4: Security Update for Windows XP (KB2621440)
/ Windows XP / SP4: Security Update for Windows XP (KB2624667)
/ Windows XP / SP4: Security Update for Windows XP (KB2631813)
/ Windows XP / SP4: Security Update for Windows XP (KB2633171)
/ Windows XP / SP4: Hotfix for Windows XP (KB2633952)
/ Windows XP / SP4: Security Update for Windows XP (KB2639417)
/ Windows XP / SP4: Security Update for Windows XP (KB2641653)
/ Windows XP / SP4: Update for Windows XP (KB2641690)
/ Windows XP / SP4: Security Update for Windows XP (KB2646524)
/ Windows XP / SP4: Security Update for Windows XP (KB2647518)
/ Windows XP / SP4: Security Update for Windows XP (KB2653956)
/ Windows XP / SP4: Security Update for Windows XP (KB2655992)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2656378)
/ Windows XP / SP4: Security Update for Windows XP (KB2659262)
/ Windows XP / SP4: Security Update for Windows XP (KB2660465)
/ Windows XP / SP4: Security Update for Windows XP (KB2661637)
/ Windows XP / SP4: Security Update for Windows XP (KB2676562)
/ Windows XP / SP4: Security Update for Windows XP (KB2685939)
/ Windows XP / SP4: Security Update for Windows XP (KB2686509)
/ Windows XP / SP4: Security Update for Windows XP (KB2691442)
/ Windows XP / SP4: Security Update for Windows XP (KB2695962)
/ Windows XP / SP4: Security Update for Windows XP (KB2698365)
/ Windows XP / SP4: Security Update for Windows XP (KB2705219)
/ Windows XP / SP4: Security Update for Windows XP (KB2707511)
/ Windows XP / SP4: Security Update for Windows XP (KB2709162)
/ Windows XP / SP4: Security Update for Windows XP (KB2712808)
/ Windows XP / SP4: Security Update for Windows XP (KB2718523)
/ Windows XP / SP4: Update for Windows XP (KB2718704)
/ Windows XP / SP4: Security Update for Windows XP (KB2719985)
/ Windows XP / SP4: Security Update for Windows XP (KB2723135)
/ Windows XP / SP4: Security Update for Windows XP (KB2731847)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Hotfix for Windows XP (KB954708)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB961503)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Update for Windows XP (KB971029)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB971961)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Hotfix for Windows XP (KB976002-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB979687)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Security Update for Windows XP (KB980436)
/ Windows XP / SP4: Security Update for Windows XP (KB981322)
/ Windows XP / SP4: Security Update for Windows XP (KB981349)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)
/ Windows XP / SP4: Security Update for Windows XP (KB981852)
/ Windows XP / SP4: Security Update for Windows XP (KB981957)
/ Windows XP / SP4: Security Update for Windows XP (KB981997)
/ Windows XP / SP4: Security Update for Windows XP (KB982132)
/ Windows XP / SP4: Security Update for Windows XP (KB982214)
/ Windows XP / SP4: Security Update for Windows XP (KB982381)
/ Windows XP / SP4: Security Update for Windows XP (KB982665)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 919008
MD5: B63E5C7807334A3A8F731062F15462CC
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A
Located: HK_LM:Run, AlwaysReady Power Message APP
command: ARPWRMSG.EXE
file: C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: B596347A26DC054EBB44EB3BC8E95B0A
Located: HK_LM:Run, APSDaemon
command: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: F7DD2D785280DB73DC9060F80361BEFB
Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 61440
MD5: 242ABD06C109A1871FFA76C1C0DCA136
Located: HK_LM:Run, AVG_TRAY
command: "C:\Program Files\AVG\AVG2012\avgtray.exe"
file: C:\Program Files\AVG\AVG2012\avgtray.exe
size: 2587008
MD5: 80956486306D1F546EDC1DD7FAE87F62
Located: HK_LM:Run, DATAMNGR
command: C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
file: C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
size: 1694608
MD5: D8B3EB0A5B5FDBC1609E4E2B66CE3F93
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
Located: HK_LM:Run, Freecorder FLV Service
command: "C:\Program Files\Freecorder\FLVSrvc.exe" /run
file: C:\Program Files\Freecorder\FLVSrvc.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 30040
MD5: 0E34B7BB1FCF22BCC1E394D16F9E992B
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: FDD4F5F7C4BAD248AB16233A1639C078
Located: HK_LM:Run, HPHUPD08
command: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
file: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
size: 49152
MD5: 4F113169A2DE985D043A5530987AD6D0
Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 90112
MD5: FF8CCC86C4E42F59B189BD28D362B599
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 233472
MD5: 310F1E8A0781887BA1C217448C0E4D48
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 14820864
MD5: 0AF9324D43DF9DF59BB2B0F08223A26C
Located: HK_LM:Run, ServeZip
command: "C:\Program Files\ServeZip\ServeZip.exe" -StartUp
file: C:\Program Files\ServeZip\ServeZip.exe
size: 1731824
MD5: C89AEE9F158C3F04342538A3C163BC49
Located: HK_LM:Run, SpeedTouch USB Diagnostics
command: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
file: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
size: 866816
MD5: D40191AA225638AB20E59524CDD74030
Located: HK_LM:Run, TkBellExe
command: "c:\program files\real\realplayer\update\realsched.exe" -osboot
file: c:\program files\real\realplayer\update\realsched.exe
size: 296096
MD5: A73731A0B0A165907799E9AFB461F856
Located: HK_LM:Run, vProt
command: "C:\Program Files\AVG Secure Search\vprot.exe"
file: C:\Program Files\AVG Secure Search\vprot.exe
size: 1107552
MD5: 1AF481FD411221752AA10DAC1A01E5A3
Located: HK_LM:RunOnce, AvgUninstallURL
command: cmd.exe /c start
http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjE0MTI0ODg5LVhPMTArMi1RSVgxKzQtWDIwMTArMi1MSUMrMjItRkwxMCsxLVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCszODkyNi1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=90"&"ver=10.0.1410
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, GrpConv
command: grpconv -o
file: grpconv -o
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA0
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\lines.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\lines.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA1550
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\playBtn.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\playBtn.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA1746
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\se.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\se.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA2349
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\pauseBtn.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\pauseBtn.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA400
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\chooseStation.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\chooseStation.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA4051
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\sv.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\sv.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA4399
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\bg.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\bg.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA5647
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\sa.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\sa.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA5661
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\tr.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\tr.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA6634
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ua.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ua.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA7610
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\rd_strp.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\rd_strp.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA9277
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ru.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ru.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC1216
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\chooseStation.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC1525
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ru.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC1732
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\se.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC2142
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ua.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC2166
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\sv.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC3693
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\pauseBtn.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC463
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\sa.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC4721
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\playBtn.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC6090
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\lines.gif"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC6763
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\rd_strp.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC8600
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\us.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC8912
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\tr.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC919
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ro.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC9858
command: cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\bg.png"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, DAEMON Tools
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 167368
MD5: 7FE662041CE93F79DD20BD57BE151B3E
Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3872080
MD5: CCEAA8D97341E1335AFC353C03456288
Located: HK_CU:Run, NBJ
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
size: 1871872
MD5: 829A54E0D5B6F619B784D727454D692B
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:RunOnce, SpybotDeletingB1056
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\fr.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\fr.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB1437
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\chooseStation.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\chooseStation.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB1692
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\jp.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\jp.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB191
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\no.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\no.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2251
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\logo.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\logo.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2341
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\radio.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\radio.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2397
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\icon_seperator.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\icon_seperator.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2526
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\cn.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\cn.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2584
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\it.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\it.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2589
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\chrome.manifest"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\chrome.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2607
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\logo.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\logo.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2612
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\translate.PNG"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\translate.PNG"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2814
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\toolbar_icons_games.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\toolbar_icons_games.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB2964
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\install.rdf"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\install.rdf"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3014
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\rd_strp.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\rd_strp.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3286
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\home.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\home.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3441
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\bbyln.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\bbyln.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3447
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ua.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ua.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3504
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\es.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\es.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3505
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\specialoffer.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\specialoffer.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3559
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\bg.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\bg.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3665
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\cz.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\cz.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3786
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\babylon.css"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\babylon.css"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB3960
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\babylon.xul"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\babylon.xul"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4050
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ro.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ro.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4512
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\arwDwn.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\arwDwn.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4826
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\lines.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\mnRadio\lines.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5336
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\tellafriend.gif"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\tellafriend.gif"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5569
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\toolbarIcons_casino.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\toolbarIcons_casino.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5787
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ch.png"
file: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\flgs\ch.png"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5820
where: S-1-5-21-1599043371-477627393-4007624765-1007...
command: command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e1bhlq0b.default\extensions\
[email protected]\content\imgs\claro.png"
file: command.com /c del "C:\Documents and Settings\HP_A