Ad-Aware hangs!


35 replies to this topic

#1 Avanguard

Posted 04 February 2010 - 03:32 AM

To start, it helps to read the original topic: http://www.lavasofts...showtopic=28446

I was directed here to post some logs and a HijackThis log. But first, I did a little alteration of my scan routines. This time I had the Ad-Aware window hidden such that I'd need the tray icon to open it. When it identified infections, it alerted me and I tried to run it, but the main program refused to open so I could view the infections. It instead said it crashed and wanted to send an error report to LavaSoft (which of course it DIDN'T do). So basically what I'm having problems with is getting Ad-Aware to work so I can deal with the detected malware files. It will hang on smart scan and full scan, no exceptions so far.

Certainly something is in there that's making Ad-Aware act up like this. And BTW, this is an upgrade to 8.1.4 from Ad-Aware 2008 as an "overtop" install. I'd like to remove the infections first and see if Ad-Aware works properly after that first before I try a raw clean install.

The Ad-Aware scan logs are showing me a lot of "Not In Idle State" messages when I try to view the infections that it picked up.

Now I've attached the log files. Have a look.


#2 Ltangelic

Posted 21 February 2010 - 02:45 AM

Hey Avanguard,

Welcome to Lavasoft Support Forum! I'm Ltangelic and I'll be helping you fix your computer problem. Sorry for the long wait, we have a very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. :)

Unfortunately, HijackThis is no longer enough to tackle the current infections. We need to run some more tools to scan deeper.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under custom scans copy and paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ProgramFiles%\Movie Maker\*.dll
    %ALLUSERSAPPDATA%\*.dll
    %SYSTEMROOT%\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dll
    %DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Lavasoft Volunteer Security Advisor




#3 Avanguard

Posted 23 February 2010 - 04:51 PM

Two of the custom scan strings were labeled as invalid by OTS. They were "%allusersappdata", and "%DriveLetter%".

But anyway, here's the log. Sorry it took so long to get it, I had to take it off the internet and get it cleaned up a little (programs mostly) by another family member. Told them to not muck with it until I could fix the problem it was having.

Attached Files

  • Attached File  OTS.Txt   201.34KB   270 downloads


#4 Ltangelic

Posted 25 February 2010 - 01:58 PM

Hey Avanguard,

Apologies for the delay, I was busy yesterday.

I am so sorry but could you post the log on here instead of attaching? The log isn't readable when it's attached. If you need to, you can post in multiple posts.

Thanks so much. :wub:
Lavasoft Volunteer Security Advisor




#5 Avanguard

Posted 28 February 2010 - 03:10 AM



#6 Ltangelic

Posted 28 February 2010 - 12:34 PM

Hey Avanguard,

I don't see much in your log, let's run some scans shall we? ;)

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Avira AntiVir and Spybot Teatimer) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

2) Run Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next reply (please include in your post):

ComboFix.txt
MBAM scan log
Lavasoft Volunteer Security Advisor




#7 Avanguard

Posted 01 March 2010 - 04:06 AM

I'll go a bit farther. This generated an extra report log. It will be included in case it means anything. ComboFix did quarantine some items though (like sndrec32.exe) and disabled certain sound functions of my ISP client.

It also kept saying my antivir guard was enabled even though its tray icon and status said it wasn't.

~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 10-02-27.04 - MarkMcCloud 02/28/2010 20:09:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.389 [GMT -5:00]
Running from: h:\documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG309.tmp
C:\LOG30C.tmp
C:\LOG30E.tmp
C:\LOG30F.tmp
C:\LOG38.tmp
C:\LOG5.tmp
c:\recycler\NPROTECT
C:\Thumbs.db
c:\winnt\Downloaded Program Files\popcaploader.inf
c:\winnt\sndrec32.exe
c:\winnt\system32\SHELLLNK.TLB
c:\winnt\system32\Vb40032.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLAYERGATEWAYMGR


((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-17 13:50 . 2010-02-17 13:50 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\AdobeUM
2010-02-16 19:49 . 2010-02-16 19:49 -------- dc----w- c:\documents and settings\SusanCheetah\Local Settings\Application Data\Adobe
2010-02-16 19:00 . 2010-02-16 19:00 -------- dc----w- c:\documents and settings\SusanCheetah\Local Settings\Application Data\Apple Computer
2010-02-16 14:40 . 2010-02-16 14:40 50 -c--a-w- c:\winnt\system32\bridf06a.dat
2010-02-16 14:38 . 2006-02-24 22:27 1492480 -c--a-w- c:\winnt\system32\BrWia06a.dll
2010-02-16 14:38 . 2005-12-13 15:53 38912 -c--a-w- c:\winnt\system32\BrUsi06a.dll
2010-02-16 14:38 . 2004-10-15 17:50 15295 -c--a-w- c:\winnt\system32\drivers\BrScnUsb.sys
2010-02-16 14:38 . 2006-02-16 23:49 52736 -c--a-w- c:\winnt\system32\brinsstr.dll
2010-02-16 14:37 . 2005-06-02 06:09 86016 -c--a-w- c:\winnt\system32\BrWebIns.dll
2010-02-16 14:37 . 2005-06-02 06:08 69632 -c--a-w- c:\winnt\system32\BRWEBUP.EXE
2010-02-16 14:37 . 2004-12-03 06:26 188416 -c--a-w- c:\winnt\system32\PDRVINST.DLL
2010-02-16 14:37 . 2006-01-17 06:03 126976 -c--a-w- c:\winnt\system32\BrfxD05a.dll
2010-02-16 14:37 . 2003-11-28 23:57 0 -c--a-w- c:\winnt\brdfxspd.dat
2010-02-16 14:37 . 2010-02-16 14:38 -------- dc----w- c:\program files\Brother
2010-02-16 14:37 . 2004-12-10 21:35 147456 -c--a-w- c:\winnt\brunin03.dll
2010-02-16 14:35 . 2010-02-16 14:35 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\ScanSoft
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-16 14:33 . 2010-02-16 14:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Brother
2010-02-16 10:42 . 2010-02-16 10:42 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\Windows Search
2010-02-15 23:03 . 2010-02-15 23:03 -------- dcsh--w- c:\documents and settings\SusanCheetah\IETldCache
2010-02-15 23:00 . 2008-04-13 19:45 32128 -c--a-w- c:\winnt\system32\drivers\usbccgp.sys
2010-02-15 23:00 . 2008-04-13 19:45 32128 -c--a-w- c:\winnt\system32\dllcache\usbccgp.sys
2010-02-15 12:12 . 2010-02-15 12:12 -------- dc----w- c:\program files\Trillian
2010-02-11 12:11 . 2010-02-11 12:11 -------- dc----w- c:\documents and settings\Owner\Application Data\fofix
2010-01-30 16:15 . 2009-12-02 13:19 64288 -c--a-w- c:\winnt\system32\drivers\Lbd.sys
2010-01-30 16:15 . 2010-02-16 14:38 -------- dc----w- c:\winnt\system32\DRVSTORE
2010-01-30 16:13 . 2010-01-30 16:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 01:19 . 2004-07-15 10:49 -------- dc----w- c:\program files\wmconnect
2010-02-16 14:37 . 2004-04-15 15:36 -------- dc----w- c:\program files\Common Files\InstallShield
2010-02-16 14:37 . 2004-04-15 15:36 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-02-15 21:41 . 2009-04-01 08:06 -------- dc----w- c:\program files\Windows Live
2010-02-15 21:06 . 2008-08-20 00:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2010-02-15 11:59 . 2004-08-12 17:56 -------- dc----w- c:\program files\Mozilla Thunderbird
2010-02-15 09:23 . 2004-07-15 08:53 -------- dc----w- c:\program files\GetRight
2010-02-15 08:37 . 2004-07-15 08:46 -------- dc----w- c:\program files\mIRC
2010-02-14 18:52 . 2006-11-29 07:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2010-02-14 18:43 . 2004-10-16 01:14 -------- dc----w- c:\program files\Google
2010-02-14 18:36 . 2004-07-20 09:16 -------- dc----w- c:\program files\Audacity
2010-02-14 04:39 . 2004-07-15 08:49 -------- dc----w- c:\program files\Semagic
2010-01-30 16:12 . 2004-07-15 23:25 -------- dc----w- c:\program files\Lavasoft
2010-01-30 16:12 . 2007-11-17 09:45 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 12:48 . 2004-08-06 01:53 -------- dc----w- c:\program files\Common Files\Java
2010-01-28 12:47 . 2004-08-06 02:15 -------- dc----w- c:\program files\Java
2010-01-26 03:11 . 2008-07-01 16:14 -------- dc----w- c:\program files\Microsoft Silverlight
2010-01-26 03:10 . 2010-01-26 03:10 532360 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-24 07:06 . 2010-01-24 07:06 -------- dc----w- c:\documents and settings\Owner\Application Data\IObit
2010-01-23 07:10 . 2009-02-05 00:48 -------- dc----w- c:\program files\Microsoft
2010-01-20 12:26 . 2005-10-30 12:24 12288 -csha-w- c:\program files\Thumbs.db
2010-01-20 12:08 . 2008-03-12 19:21 -------- dc----w- c:\program files\MozBackup
2009-12-24 16:07 . 2004-08-11 17:37 45632 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 19:14 . 2006-04-28 14:58 916480 -c--a-w- c:\winnt\system32\wininet.dll
2009-12-17 22:14 . 2008-12-02 00:46 411368 -c--a-w- c:\winnt\system32\deploytk.dll
2009-12-16 07:00 . 2009-05-12 14:27 56816 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
2005-10-05 21:45 . 2005-10-05 21:45 21 -c--a-w- c:\program files\AVPersonalAVWIN.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-07 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-06-21 126976]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2005-01-23 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\winnt\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\winnt\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
backup=c:\winnt\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=c:\winnt\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\winnt\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wal-Mart Connect Tray Icon.lnk]
backup=c:\winnt\pss\Wal-Mart Connect Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\winnt\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\winnt\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]
backup=c:\winnt\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PhoneBOT Tray Icon.lnk]
backup=c:\winnt\pss\PhoneBOT Tray Icon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\winnt\pss\YouTube Uploader.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarSkin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\strto
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2003-03-26 17:15 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-08-10 15:37 61440 -c--a-w- c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-03-28 20:48 622592 -c--a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-04-10 19:58 61440 -c--a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2004-02-23 08:16 144896 -c--a-w- c:\program files\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
2002-12-12 04:14 46592 -c--a-w- c:\winnt\system32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-02 10:21 133104 -c--atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 16:36 155648 -c--a-w- c:\winnt\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-05-08 19:26 208941 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 23:02 49152 -c--a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-06-04 02:05 32881 -c--a-w- c:\program files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-05-08 19:26 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PhoneBOTService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"CiSvc"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [1/30/2010 11:15 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 9:27 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
R2 PackethSvc;Virtual NIC Service;c:\winnt\system32\PackethSvc.exe [7/15/2004 5:51 AM 64512]
R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [6/3/2006 11:36 AM 36864]
S1 ntiomin;ntiomin; [x]
S1 rxp;rxp;\??\c:\winnt\system32\drivers\rxp.sys --> c:\winnt\system32\drivers\rxp.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\winnt\system32\drivers\BRGSp50.sys [7/24/2007 4:59 PM 20608]
S3 dsiarhwprog;dsiarhwprog;c:\winnt\system32\drivers\dsiarhwprog.sys [12/30/2009 5:49 PM 29184]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\winnt\system32\drivers\vtcdrv.sys [12/29/2007 5:17 PM 18560]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\winnt\system32\drivers\ZD1211BU.sys [7/24/2007 4:59 PM 402432]
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2009-02-09 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 10:21]
.
.
------- Supplementary Scan -------
.
uStart Page = www.gateway.net/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Block This Image (ABP) - e:\program files\Adblock Pro\blockimg.html
IE: &Download All with FlashGet - e:\hard drive\Program Files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\hard drive\Program Files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Semagic - c:\program files\Semagic\link.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: adobe.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://i.grab.com/media/3ef815/games/files/663/popcaploader_v6.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/users/markmccloud/friends/
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LogonStudio - e:\hard drive\Program Files\WinCustomize\LogonStudio\logonstudio.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-DivXOP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-ImpulseFastStart - e:\program files\Stardock\Impulse\Impulse.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~2.DLL
MSConfigStartUp-spc_w - c:\program files\NZSearch\nzspc.exe
AddRemove-Adblock Pro - e:\program files\Adblock Pro\uninst.exe
AddRemove-Adobe Photoshop 7.0 - e:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Birth of the Federation version 1.0.2 - e:\program files\botf\Uninst.isu
AddRemove-EvilLyrics - e:\hard drive\Program Files\EvilLyrics\uninst.exe
AddRemove-FlashGet - e:\hard drive\Program Files\FlashGet\uninst.exe
AddRemove-HijackThis - e:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-ITM 99 - e:\hard drive\program files\Technical Manual 99\UninstITM.isu
AddRemove-LogonStudio - e:\harddr~1\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE
AddRemove-Mobile Music Polyphonic - c:\program files\MobileMusic\Mobile Music Polyphonic\Uninst.isu
AddRemove-MozBackup 1.4_is1 - c:\program files\MozBackup 1.4\unins000.exe
AddRemove-MPMP v2.0 Alpha and Fed Pack 1 Install - c:\winnt\unvise32.exe
AddRemove-Orion RC2 - c:\windows\Resources\Themes\Orion\Uninstal.exe
AddRemove-Picasa 3 - e:\program files\Google\Picasa3\Uninstall.exe
AddRemove-ResEdit - c:\program files\TGTSoft\ResEdit\ResEdit-uninstall.exe
AddRemove-SLAMRMO - c:\winnt\Modio\SLAMR2KO\Setup.exe
AddRemove-Smart Defrag_is1 - e:\program files\IObit\IObit SmartDefrag\unins000.exe
AddRemove-Themexp.org File - c:\progra~1\themexp\THEMEX~1.ORG\UNWISE.EXE
AddRemove-VisiPics_is1 - e:\program files\VisiPics\unins000.exe
AddRemove-Visual Task Tips - e:\program files\Windows XP Enhancements\VisualTaskTips\uninst.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xtvwic1r.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 20:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINNT\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINNT\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINNT\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINNT\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINNT\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINNT\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINNT\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINNT\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINNT\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINNT\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINNT\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINNT\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINNT\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINNT\\system32\\syncui.dll,0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="shell32.dll,220"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Common Files\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(2892)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\winnt\System32\DRIVERS\dcfssvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\winnt\system32\SearchIndexer.exe
c:\program files\Common Files\Stardock\SDMCP.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-02-28 21:02:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 02:02

Pre-Run: 23,344,123,904 bytes free
Post-Run: 24,299,372,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BC70403284DE08701410A9638817FEA6

~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2010 9:47:31 PM
mbam-log-2010-02-28 (21-47-31).txt

Scan type: Quick Scan
Objects scanned: 150988
Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02dca195-602b-4b1f-83ff-381b7e804bdb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02dca195-602b-4b1f-83ff-381b7e804bdb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\HDBHO.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~

2010-03-01 02:00:37 . 2010-03-01 02:00:37 1,068 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29}.reg.dat
2010-03-01 02:00:37 . 2010-03-01 02:00:37 1,132 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9}.reg.dat
2010-03-01 02:00:37 . 2010-03-01 02:00:37 1,522 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Winamp Toolbar for Firefox.reg.dat
2010-03-01 02:00:37 . 2010-03-01 02:00:37 934 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Visual Task Tips.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 1,246 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-VisiPics_is1.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 572 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Themexp.org File.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 2,130 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Defrag_is1.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 776 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-SLAMRMO.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 496 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ResEdit.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 928 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Picasa 3.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 454 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Orion RC2.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 728 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-MPMP v2.0 Alpha and Fed Pack 1 Install.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 1,748 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-MozBackup 1.4_is1.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 602 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Mobile Music Polyphonic.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 580 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-LogonStudio.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 530 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ITM 99.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 878 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 838 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FlashGet.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 470 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-EvilLyrics.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 484 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Birth of the Federation version 1.0.2.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 1,958 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Photoshop 7.0.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 702 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adblock Pro.reg.dat
2010-03-01 01:59:23 . 2010-03-01 01:59:23 580 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-spc_w.reg.dat
2010-03-01 01:59:23 . 2010-03-01 01:59:23 646 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-New.reg.dat
2010-03-01 01:59:22 . 2010-03-01 01:59:22 642 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ImpulseFastStart.reg.dat
2010-03-01 01:59:21 . 2010-03-01 01:59:21 604 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DivXOP.reg.dat
2010-03-01 01:59:21 . 2010-03-01 01:59:21 622 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Aim6.reg.dat
2010-03-01 01:58:53 . 2010-03-01 01:58:53 183 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-LogonStudio.reg.dat
2010-03-01 01:17:49 . 2010-03-01 01:17:49 916 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_APPLAYERGATEWAYMGR.reg.dat
2010-03-01 01:17:08 . 2010-03-01 01:17:08 8,967 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-02-28 23:11:40 . 2010-02-28 23:11:40 51 -c--a-w- C:\Qoobox\Quarantine\catchme.log
2008-03-05 02:30:45 . 2008-03-05 02:30:45 6,144 -c--a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2007-12-17 12:37:52 . 2007-12-17 12:37:52 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG38.tmp.vir
2007-12-16 20:58:22 . 2007-12-16 20:58:22 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG5.tmp.vir
2007-12-15 17:36:33 . 2007-12-15 17:36:33 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG30F.tmp.vir
2007-12-15 09:52:41 . 2007-12-15 09:52:41 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG30E.tmp.vir
2007-12-15 09:44:05 . 2007-12-15 09:44:05 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG30C.tmp.vir
2007-12-15 09:10:20 . 2007-12-15 09:10:20 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG309.tmp.vir
2004-08-18 19:47:58 . 2004-08-18 19:47:58 241 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\Downloaded Program Files\popcaploader.inf.vir
2003-05-16 16:25:12 . 2002-08-29 12:00:00 124,416 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\sndrec32.exe.vir
2001-11-29 16:57:16 . 2001-11-29 16:57:16 6,114 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\system32\SHELLLNK.TLB.vir
2000-01-05 18:52:10 . 2000-01-05 18:52:10 722,192 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\system32\Vb40032.dll.vir

Edited by Avanguard, 01 March 2010 - 04:19 AM.


#8 Ltangelic


Posted 02 March 2010 - 03:04 PM

Hey Avanguard,

Apologies for the delay, I had internet connection problems today. I'll get back with a fix by tomorrow, thank you for your patience. :rolleyes:

Lavasoft Volunteer Security Advisor




#9 Ltangelic


Posted 03 March 2010 - 11:35 AM

Hey Avanguard,

Strange that the sound functions from your ISP are disabled. Can you try contacting your ISP to rectify it? I highly doubt it's caused by the tools we ran.

I don't see much in your log, we'll do some more scans and check on some files. :lol:

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software (Avira AntiVir and Spybot Teatimer) as it may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Upload file for analysis

To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and close My Computer.
  • Now your computer is configured to show all hidden files.

NEXT

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\winnt\brunin03.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

2) Run scan with Dr Web

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow http://perplexus.gee...green_arrow.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

3) Run Kaspersky Webscanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Make sure the C:\Program Files\JAVA folder is removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

THEN

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Next reply (please include in your post):

Virscan report
Dr Web log
Kaspersky scan log

Lavasoft Volunteer Security Advisor




#10 Avanguard


Posted 06 March 2010 - 09:10 AM

The Kaspersky took the most time. 56k internet connections don't blend well with online virus scans. Logs will follow and may take more than one post, starting with the fresh OTS.

~~~~~~~~~~
OTS

OTS logfile created on: 3/6/2010 2:29:10 AM - Run 2
OTS by OldTimer - Version 3.1.22.1 Folder = H:\Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 22.41 Gb Free Space | 60.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 988.73 Mb Total Space | 924.25 Mb Free Space | 93.48% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: LYNDIS
Current User Name: MarkMcCloud
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
scanningprocess.exe -> C:\Documents and Settings\Owner\Local Settings\temp\jkos-MarkMcCloud\binaries\ScanningProcess.exe -> [2010/03/05 05:22:39 | 000,139,264 | ---- | M] (Kaspersky Lab.)
ots.exe -> H:\Documents\Downloads\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft)
jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/12/22 12:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\Program Files\Java\jre6\bin\java.exe -> [2009/12/17 17:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH)
sansadispatch.exe -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)
rbroker.exe -> C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe -> [2009/04/01 11:53:08 | 000,107,008 | ---- | M] ()
wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE -> [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
mushclient.exe -> C:\Program Files\MUSHclient\mushclient.exe -> [2009/02/22 21:13:26 | 002,605,056 | ---- | M] (Gammon Software Solutions)
getright.exe -> C:\Program Files\GetRight\GetRight.exe -> [2008/06/23 13:50:46 | 004,694,296 | ---- | M] (Headlight Software, Inc.)
slrundll.exe -> C:\WINNT\system32\slrundll.exe -> [2008/04/13 19:12:35 | 000,032,866 | ---- | M] (Smart Link)
explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> C:\WINNT\system32\hkcmd.exe -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
sdmcp.exe -> C:\Program Files\Common Files\Stardock\SDMCP.exe -> [2005/05/10 12:31:22 | 000,241,664 | ---- | M] (Stardock)
slserv.exe -> C:\WINNT\system32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link)
wanmpsvc.exe -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.)
simplemu.exe -> C:\Program Files\simplemu\SimpleMU.exe -> [2002/12/08 15:48:50 | 000,824,832 | ---- | M] (Kathleen MacMahon)
unsecapp.exe -> C:\WINNT\system32\wbem\unsecapp.exe -> [2002/08/29 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation)
wwm.exe -> C:\Program Files\wmconnect\wwm.exe -> [2001/10/26 14:18:10 | 000,151,615 | ---- | M] (America Online, Inc.)
packethsvc.exe -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.)
dcfssvc.exe -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company)
ptssvc.exe -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] ()

[Modules - Safe List]
ots.exe -> H:\Documents\Downloads\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools)
serwvdrv.dll -> C:\WINNT\system32\serwvdrv.dll -> [2002/08/29 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINNT\system32\umdmxfrm.dll -> [2002/08/29 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH)
(wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/04/07 18:16:26 | 000,136,120 | ---- | M] (Google)
(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -> [2005/08/07 07:38:11 | 000,068,096 | ---- | M] ()
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation)
(SLService) SmartLinkService [Auto | Running] -> C:\WINNT\System32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.)
(NetSvc) Intel NCS NetService [On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation)
(PackethSvc) Virtual NIC Service [Auto | Running] -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.)
(Dcfssvc) Dcfssvc [Auto | Running] -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company)
(ptssvc) ptssvc [Auto | Running] -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] ()

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINNT\system32\drivers\avgntflt.sys -> [2009/12/16 02:00:35 | 000,056,816 | ---- | M] (Avira GmbH)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINNT\system32\DRIVERS\Lbd.sys -> [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB)
(ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ssmdrv.sys -> [2009/06/27 03:12:26 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINNT\system32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\PxHelp20.sys -> [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\alcxwdm.sys -> [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\tmcomm.sys -> [2008/04/23 23:46:41 | 000,102,664 | ---- | M] (Trend Micro Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(VtcDrv) Philips SA60xx Recovery Device [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\vtcdrv.sys -> [2007/07/07 10:58:50 | 000,018,560 | ---- | M] (Windows ® Codename Longhorn DDK provider)
(dsiarhwprog) dsiarhwprog [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\dsiarhwprog.sys -> [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdralw2k.sys -> [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdr4_xp.sys -> [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions)
(xnacc) Microsoft Common Controller For Windows Driver Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\xnacc.sys -> [2006/06/01 14:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation)
(ZD1211BU(Hawking)) Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZD1211BU.sys -> [2005/10/28 10:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation)
(BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BRGSp50.sys -> [2005/06/08 17:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\e100b325.sys -> [2005/03/04 08:10:38 | 000,157,696 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ialmnt5.sys -> [2005/01/23 12:05:06 | 000,804,317 | ---- | M] (Intel Corporation)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Entech.sys -> [2004/10/25 19:02:00 | 000,021,664 | ---- | M] (EnTech Taiwan)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZDPSp50.sys -> [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BrScnUsb.sys -> [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\nv4_mini.sys -> [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slntamr.sys -> [2004/04/01 07:56:00 | 000,404,990 | ---- | M] (Smart Link)
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlmnt5.sys -> [2004/04/01 07:56:00 | 000,126,686 | ---- | M] (Smart Link)
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ntmtlfax.sys -> [2004/01/28 15:37:46 | 000,180,360 | ---- | M] (Smart Link)
(SlNtHal) SlNtHal [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slnthal.sys -> [2004/01/28 15:26:28 | 000,095,424 | ---- | M] (Smart Link)
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlstrm.sys -> [2004/01/28 14:46:22 | 001,309,184 | ---- | M] (Smart Link)
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slwdmsup.sys -> [2004/01/28 14:20:44 | 000,013,240 | ---- | M] (Smart Link)
(RecAgent) RecAgent [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\RecAgent.sys -> [2004/01/13 15:03:30 | 000,013,776 | ---- | M] (Smart Link)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmsbw.sys -> [2003/11/20 08:26:00 | 000,122,110 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmkchw.sys -> [2003/11/20 08:26:00 | 000,099,002 | ---- | M] (Intel Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wanatw4.sys -> [2003/04/02 13:03:30 | 000,033,588 | ---- | M] (America Online, Inc.)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Dvd_2k.sys -> [2003/03/26 12:17:14 | 000,025,930 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\Mmc_2k.sys -> [2003/03/26 12:17:12 | 000,030,662 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\pwd_2K.sys -> [2003/03/26 12:17:10 | 000,144,250 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\udfreadr_xp.sys -> [2003/03/26 12:15:28 | 000,206,464 | ---- | M] (Roxio)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\cdudf_xp.sys -> [2003/03/26 12:15:02 | 000,241,280 | ---- | M] (Roxio)
(iaStor) Intel Integrated RAID [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
(DCamUSBSQTECH) Dual-Mode DSC(2770) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\SQCaptur.sys -> [2003/01/10 09:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ptilink.sys -> [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ac97intc.sys -> [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation)
(wandrv) WAN Network Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wandrv.sys -> [2001/08/09 16:26:02 | 000,022,608 | ---- | M] (America Online, Inc.)
(Exportit) Exportit [Kernel | System | Stopped] -> C:\WINNT\system32\drivers\ExportIt.sys -> [2001/05/10 08:00:00 | 000,124,960 | ---- | M] (Eastman Kodak Company)
(DcPTP) %DcPTP.SvcDesc% [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcPtp.sys -> [2001/04/20 07:58:56 | 000,055,248 | ---- | M] (Eastman Kodak Company)
(DCFS2k) DCFS2k [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\DCFS2k.sys -> [2001/03/30 14:25:30 | 000,032,960 | ---- | M] (Eastman Kodak Company)
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> C:\WINNT\system32\drivers\DcCam.sys -> [2001/03/30 06:35:46 | 000,034,144 | ---- | M] (Eastman Kodak Company)
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcFpoint.sys -> [2001/01/17 08:44:06 | 000,061,872 | ---- | M] (Eastman Kodak Company)
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcLps.sys -> [2001/01/17 08:43:54 | 000,008,304 | ---- | M] (Eastman Kodak Company)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Start Page" -> www.gateway.net/ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.livejourn...cloud/friends/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> elemhidehelper@adblockplus.org:1.0.6 ->
extensions.enabledItems -> chromeditplus@webdesigns.ms11.net:2.8.8 ->
extensions.enabledItems -> max@subfighter.com:1.0.3 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50 ->
extensions.enabledItems -> paypalfirefoxplugin@orbiscom:2.2.26.0 ->
extensions.enabledItems -> {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.7 ->
extensions.enabledItems -> foxmarks@kei.com:3.4.10 ->
extensions.enabledItems -> {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87 ->
network.proxy.socks_version -> 4 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom -> C:\Program Files\PayPal\PayPal Plug-In [C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN] -> [2009/06/16 06:52:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/20 18:11:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/20 18:10:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/01/22 18:25:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS ->
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions -> [2010/03/05 04:16:11 | 000,000,000 | ---D | M]
Vista-aero -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2010/01/20 23:06:20 | 000,000,000 | ---D | M]
Ex Aequo -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{11e842b0-5653-11db-b0de-0800200c9a66}(2) -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
FlashGot -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2) -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
Remove It Permanently -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} -> [2010/02/03 04:38:48 | 000,000,000 | ---D | M]
Flashblock -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(2) -> [2010/01/25 21:02:41 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/03/03 17:49:20 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Phoenity Modern -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Nightly Tester Tools -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
ReloadEvery -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
BlackJapan -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
Acid Burn r1 -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{acidburnr1-4ed8-4a4d-9194-975a45a391xp} -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Gradient iCool -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} -> [2010/01/28 18:43:07 | 000,000,000 | ---D | M]
Luna -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{F10B4D44-508F-4a2f-A941-5E834F7C1F8B}(2) -> [2010/01/25 21:02:47 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\chromeditplus@webdesigns.ms11.net -> [2010/01/25 21:02:17 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\elemhidehelper@adblockplus.org -> [2010/01/25 21:02:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\foxmarks@kei(2).com -> [2010/01/25 21:02:23 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\foxmarks@kei.com -> [2010/02/01 00:48:45 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\max@subfighter.com -> [2010/01/20 19:37:36 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\staged-xpis -> [2010/03/03 17:49:21 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\temp -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions -> [2010/01/20 23:06:36 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
aolsearch.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\aolsearch.xml -> [2008/01/23 20:02:46 | 000,001,878 | ---- | M] ()
WikiFur-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur-1.xml -> [2010/03/04 00:09:46 | 000,001,161 | ---- | M] ()
wikifur-en.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikifur-en.xml -> [2010/01/20 19:25:54 | 000,001,574 | ---- | M] ()
WikiFur.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur.xml -> [2006/11/08 23:28:12 | 000,001,188 | ---- | M] ()
wikipedia-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia-1.xml -> [2008/06/24 01:14:38 | 000,001,108 | ---- | M] ()
wikipedia.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia.xml -> [2008/06/24 01:32:00 | 000,001,108 | ---- | M] ()
youtube-video-search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\youtube-video-search.xml -> [2007/05/19 03:19:46 | 000,002,109 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/05 04:16:11 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> [2008/03/01 22:47:07 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org -> [2006/11/11 17:26:38 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/02/28 20:45:32 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINNT\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\jccatch.dll [FGCatchUrl] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java™ Plug-In 2 SSV Helper] -> [2010/01/11 20:42:48 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/11 20:42:48 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.)
{EAD3A971-6A23-4246-8691-C9244E858967} [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [OToolbarHelper Class] -> [2009/04/01 11:53:42 | 000,099,328 | ---- | M] ()
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\getflash.dll [FlashGet GetFlash Class] -> File not found
{F385C231-605B-4d8f-ACA9-DBFF765BBE17} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Adblock Pro] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{DC0F2F93-27FA-4f84-ACAA-9416F90B9511}" [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [PayPal Plug-In] -> [2009/04/01 11:55:50 | 003,147,264 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"HotKeysCmds" -> C:\WINNT\system32\hkcmd.exe [C:\WINNT\system32\hkcmd.exe] -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINNT\system32\igfxtray.exe [C:\WINNT\system32\igfxtray.exe] -> [2005/01/23 11:36:10 | 000,155,648 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/01/31 22:13:08 | 000,385,024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Common Files\Java\Java Update\jusched.exe ["C:\Program Files\Common Files\Java\Java Update\jusched.exe"] -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SansaDispatch" -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe] -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SusanCheetah Startup Folder > -> C:\Documents and Settings\SusanCheetah\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoSplash" -> [0] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block This Image (ABP) -> e:\Program Files\Adblock Pro\blockimg.html [e:\Program Files\Adblock Pro\blockimg.html] -> File not found
&Download All with FlashGet -> E:\Hard Drive\Program Files\FlashGet\jc_all.htm [E:\Hard Drive\Program Files\FlashGet\jc_all.htm] -> File not found
&Download with FlashGet -> E:\Hard Drive\Program Files\FlashGet\jc_link.htm [E:\Hard Drive\Program Files\FlashGet\jc_link.htm] -> File not found
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
Copy to Semagic -> C:\Program Files\Semagic\copy.htm [C:\Program Files\Semagic\copy.htm] -> [2005/08/15 04:30:58 | 000,000,267 | ---- | M] ()
Semagic -> C:\Program Files\Semagic\link.htm [C:\Program Files\Semagic\link.htm] -> [2005/08/15 04:30:58 | 000,000,186 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Button: Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> C:\Program Files\AIM\aim.exe [Button: AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\FlashGet.exe [Button: FlashGet] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\FlashGet.exe [Menu: FlashGet] -> File not found
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> Reg Error: Value error. [Button: Run IMVU] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Button: Adblock Pro Preferences] -> File not found
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Menu: Adblock Pro Preferences] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\"{F4FBA929-A891-492C-A0F6-5C79CC4F1742}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/01/30 13:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6731 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. ->
93 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. ->
93 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7673 domain(s) found. ->
www_adobe.com [http] -> Trusted sites ->
compuserve.com .[*] -> Out of zone range - ( 5 ) ->
objects_compuserve.com [*] -> Out of zone range - ( 6 ) ->
67 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com...ex/qtplugin.cab [QuickTime Object] ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://support.micr...veX/MSDcode.cab [Microsoft Data Collection Control] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> https://support.gate...//PCPitStop.CAB [PCPitstop Utility] ->
{0F04992B-E661-4DB9-B223-903AB628225D} [HKLM] -> file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB [DoMoreRunExe.DoMoreRun] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.micr...heckControl.cab [Windows Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.syma...bin/AvSniff.cab [Symantec AntiVirus scanner] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> http://download.yaho...s/yinst0401.cab [YInstStarter Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.micros...ontent/opuc.cab [Office Update Installation Engine] ->
{49232000-16E4-426C-A231-62846947304B} [HKLM] -> http://ipgweb.cce.hp...ads/sysinfo.cab [Reg Error: Key error.] ->
{4B48D5DF-9021-45F7-A240-60304302A215} [HKLM] -> http://www.microsoft.../WebCleaner.cab [MalwareCleaner Class] ->
{511073AD-BE56-4D43-AE68-93390514385E} [HKLM] -> file://C:\Program Files\gateway\helpspot\TechTools.CAB [TechToolsActivex.TechTools] ->
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> http://catalog.updat...b?1236859723968 [MUCatalogWebControl Class] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onec...lscbase8300.cab [Windows Live Safety Center Base Module] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.mi...b?1263255474324 [WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.syma...n/bin/cabsa.cab [Symantec RuFSI Utility Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.mi...b?1258321201703 [MUWebControl Class] ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} [HKLM] -> http://housecall65.t...ivex/hcImpl.cab [Housecall ActiveX 6.5] ->
{739E8D90-2F4C-43AD-A1B8-66C356FCEA35} [HKLM] -> hcp://system/RunExeActiveX.CAB [RunExeActiveX.RunExe] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> http://www3.ca.com/s...nfo/webscan.cab [WScanCtl Class] ->
{8714912E-380D-11D5-B8AA-00D0B78F3D48} [HKLM] -> http://chat.yahoo.com/cab/yuplapp.cab [Yahoo! Webcam Upload Wrapper] ->
{88D969C0-F192-11D4-A65F-0040963251E5} [HKLM] -> http://ipgweb.cce.hp...oads/msxml4.cab [XML DOM Document 4.0] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_18] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.ma...r/ultrashim.cab [Reg Error: Key error.] ->
{93CEA8A4-6059-4E0B-ADDD-73848153DD5E} [HKLM] -> http://support.gatew...h/weblaunch.cab [CWebLaunchCtl Object] ->
{94B82441-A413-4E43-8422-D49930E69764} [HKLM] -> http://echat.us.dell...t/TLIEFlash.CAB [TLIEFlashObj Class] ->
{97BB6657-DC7F-4489-9067-51FAB9D8857E} [HKLM] -> http://support.gatew.../weblaunch2.cab [CWebLaunchCtl Object] ->
{99FE5072-78AA-4FEE-89BA-69A5FA55343F} [HKLM] -> http://download.micr...44/igdtoolx.cab [IGDTester Class] ->
{9A57B18E-2F5D-11D5-8997-00104BD12D94} [HKLM] -> http://support.gatew...rvest/gwCID.CAB [compid Class] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupd...8183.1688773148 [Reg Error: Key error.] ->
{A8658086-E6AC-4957-BC8E-8D54A7E8A790} [HKLM] -> http://www.microsoft...DI/0/GDIChk.CAB [GDIChk Object] ->
{A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> http://www.sibelius....tiveXPlugin.cab [Reg Error: Key error.] ->
{C606BA60-AB76-48B6-96A7-2C4D5C386F70} [HKLM] -> http://www.verizon.n...tivePreQual.cab [PreQualifier Class] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_18] ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} [HKLM] -> http://gameadvisor.f...bal/msc3121.cab [Measurement Services Client v.3.12] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.ma...ent/swflash.cab [Reg Error: Key error.] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://i.grab.com/me...aploader_v6.cab [Reg Error: Key error.] ->
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} [HKLM] -> http://chat.yahoo.com/cab/yvwrctl.cab [Yahoo! Webcam Viewer Wrapper] ->
{F54C1137-5E34-4B95-95A5-BA56D4D8D743} [HKLM] -> http://www.gamespot....ownload/kdx.cab [Secure Delivery] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINNT\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINNT\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
C:\WINNT\system32\logonuiX.exe -> C:\WINNT\system32\logonuiX.exe -> [2009/11/18 11:49:29 | 005,053,440 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINNT\System32\igfxsrvc.dll -> [2005/06/21 15:44:12 | 000,348,160 | ---- | M] (Intel Corporation)
MCPClient -> C:\Program Files\Common Files\Stardock\MCPStub.dll -> [2005/01/31 14:13:38 | 000,049,152 | ---- | M] (Stardock)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" [HKLM] -> C:\Program Files\Common Files\Stardock\MCPCore.dll [0aMCPClient] -> [2005/05/10 12:31:20 | 000,086,016 | ---- | M] (Stardock)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2005/11/28 11:11:36 | 000,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/06/14 19:09:28 | 026,996,008 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
H:\Autorun.inf [[Autorun] | Open=StartPortableApps.exe | Action=Start PortableApps.com | Icon=StartPortableApps.exe | Label=PortableApps.com | ] -> H:\Autorun.inf [ FAT ] -> [2008/03/04 16:31:14 | 000,000,120 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{3ef0719c-a0f0-11dc-bcdc-00038a000011}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command
\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command\\"" -> H:\StartPortableApps.exe [H:\StartPortableApps.exe] -> [2008/05/21 17:02:52 | 000,088,712 | ---- | M] (PortableApps.com)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [MediaMonkey.1Play] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" "%1" -> File not found
Directory [MediaMonkey.2PlayNext] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" -> File not found
Directory [MediaMonkey.3Enqueue] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" -> File not found
Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/14/2010 3:01:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11316 -> Description = Product: Project64 1.6 -- Error 1316.A network error occurred while attempting to read from the file C:\WINNT\Installer\Project64 1.6.msi
Application [ Error ] 2/15/2010 5:06:39 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11327 -> Description = Product: Impulse -- Error 1327. Invalid Drive: E:\
Application [ Error ] 2/15/2010 5:45:53 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\Impulse.exe . Error code = 0x80131047
Application [ Error ] 2/15/2010 5:45:54 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\ImpulseDock.exe . Error code = 0x80131047
Application [ Error ] 2/18/2010 7:22:46 AM Computer Name = LYNDIS | Source = Application Error | ID = 1000 -> Description = Faulting application wwm.exe, version 6.0.2.0, faulting module supersub.dll, version 6.0.2.0, fault address 0x000043df.
Application [ Error ] 2/28/2010 9:40:09 PM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application wwm.exe, version 6.0.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/28/2010 10:06:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue.
Application [ Error ] 2/28/2010 10:06:47 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue.
Application [ Error ] 3/3/2010 6:52:28 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue.
Application [ Error ] 3/4/2010 5:52:25 PM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application dfsvc.exe, version 2.0.50727.3053, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 3/5/2010 4:58:28 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 4:58:28 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
System [ Error ] 3/5/2010 5:02:28 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7023 -> Description = The Automatic Updates service terminated with the following error: %%126
System [ Error ] 3/5/2010 5:02:30 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: ntiomin rxp
System [ Error ] 3/5/2010 6:07:14 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 6:07:14 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

[Files/Folders - Created Within 30 Days]
DoctorWeb -> C:\Documents and Settings\Owner\DoctorWeb -> [2010/03/04 01:05:45 | 000,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\Owner\My Documents\Downloads -> [2010/03/03 18:05:06 | 000,000,000 | ---D | C]
Downloads -> C:\Downloads -> [2010/02/28 22:53:17 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/02/28 21:14:47 | 000,000,000 | -HSD | C]
Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2010/02/28 21:04:35 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINNT\System32\drivers\mbamswissarmy.sys -> [2010/02/28 21:04:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/28 21:04:21 | 000,000,000 | ---D | C]
mbam.sys -> C:\WINNT\System32\drivers\mbam.sys -> [2010/02/28 21:04:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/02/28 21:04:18 | 000,000,000 | ---D | C]
Prefetch -> C:\WINNT\Prefetch -> [2010/02/28 21:02:18 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/02/28 20:05:21 | 000,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINNT\SWXCACLS.exe -> [2010/02/28 18:12:27 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINNT\SWREG.exe -> [2010/02/28 18:12:27 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINNT\SWSC.exe -> [2010/02/28 18:12:27 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINNT\NIRCMD.exe -> [2010/02/28 18:12:27 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINNT\ERDNT -> [2010/02/28 18:11:40 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/02/28 18:09:48 | 000,000,000 | ---D | C]
BrWia06a.dll -> C:\WINNT\System32\BrWia06a.dll -> [2010/02/16 09:38:20 | 001,492,480 | ---- | C] (Brother Industries, Ltd.)
BrUsi06a.dll -> C:\WINNT\System32\BrUsi06a.dll -> [2010/02/16 09:38:20 | 000,038,912 | ---- | C] (Brother Industries, Ltd.)
BrScnUsb.sys -> C:\WINNT\System32\drivers\BrScnUsb.sys -> [2010/02/16 09:38:20 | 000,015,295 | ---- | C] (Brother Industries Ltd.)
brinsstr.dll -> C:\WINNT\System32\brinsstr.dll -> [2010/02/16 09:38:18 | 000,052,736 | ---- | C] (Brother Industries,Ltd.)
PDRVINST.DLL -> C:\WINNT\System32\PDRVINST.DLL -> [2010/02/16 09:37:48 | 000,188,416 | ---- | C] (brother)
BrWebIns.dll -> C:\WINNT\System32\BrWebIns.dll -> [2010/02/16 09:37:48 | 000,086,016 | ---- | C] (brother)
BRWEBUP.EXE -> C:\WINNT\System32\BRWEBUP.EXE -> [2010/02/16 09:37:48 | 000,069,632 | ---- | C] (brother)
BrfxD05a.dll -> C:\WINNT\System32\BrfxD05a.dll -> [2010/02/16 09:37:35 | 000,126,976 | ---- | C] (Brother Industries,LTD)
brunin03.dll -> C:\WINNT\brunin03.dll -> [2010/02/16 09:37:33 | 000,147,456 | ---- | C] (Brother Industries,Ltd.)
Brother -> C:\Program Files\Brother -> [2010/02/16 09:37:33 | 000,000,000 | ---D | C]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [2010/02/16 09:35:16 | 000,000,000 | ---D | C]
ScanSoft Shared -> C:\Program Files\Common Files\ScanSoft Shared -> [2010/02/16 09:34:46 | 000,000,000 | ---D | C]
ScanSoft -> C:\Program Files\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C]
Brother -> C:\Documents and Settings\All Users\Application Data\Brother -> [2010/02/16 09:33:22 | 000,000,000 | ---D | C]
usbccgp.sys -> C:\WINNT\System32\dllcache\usbccgp.sys -> [2010/02/15 18:00:02 | 000,032,128 | ---- | C] (Microsoft Corporation)
My Videos -> C:\Documents and Settings\Owner\My Documents\My Videos -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
My Pictures -> C:\Documents and Settings\Owner\My Documents\My Pictures -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
My Music -> C:\Documents and Settings\Owner\My Documents\My Music -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
Trillian -> C:\Program Files\Trillian -> [2010/02/15 07:12:01 | 000,000,000 | ---D | C]
Office 2003 -> C:\Documents and Settings\Owner\Desktop\Office 2003 -> [2010/02/11 09:42:43 | 000,000,000 | ---D | C]
fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:08 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/08/31 05:19:15 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/08/31 05:18:43 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/03/13 21:02:03 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2008/11/05 02:37:23 | 000,000,000 | ---D | M]
AdobeUM -> C:\Documents and Settings\NetworkService\Application Data\AdobeUM -> [2008/07/20 05:49:14 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2008/07/20 05:48:57 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2008/07/20 05:47:42 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/02/29 17:43:05 | 000,000,000 | ---D | M]
Symantec -> C:\Documents and Settings\NetworkService\Application Data\Symantec -> [2007/01/02 18:03:58 | 000,000,000 | ---D | M]
Symantec -> C:\Documents and Settings\LocalService\Application Data\Symantec -> [2006/11/12 17:19:12 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2003/05/16 11:19:14 | 000,000,000 | --SD | M]
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
Ad-Aware Update (Weekly).job -> C:\WINNT\tasks\Ad-Aware Update (Weekly).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 4).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 3).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 2).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 1).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 1).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
win.ini -> C:\WINNT\win.ini -> [2010/03/05 04:03:19 | 000,001,708 | ---- | M] ()
wpa.dbl -> C:\WINNT\System32\wpa.dbl -> [2010/03/05 04:01:53 | 000,001,158 | ---- | M] ()
bootstat.dat -> C:\WINNT\bootstat.dat -> [2010/03/05 04:00:40 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/05 04:00:30 | 1332,531,200 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2010/03/05 03:59:29 | 016,777,216 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/03/05 03:59:29 | 000,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/03/05 03:59:08 | 020,325,348 | -H-- | M] ()
DrWeb.csv -> C:\Documents and Settings\Owner\Desktop\DrWeb.csv -> [2010/03/04 21:48:28 | 000,002,877 | ---- | M] ()
drweb-cureit.exe -> C:\Documents and Settings\Owner\My Documents\drweb-cureit.exe -> [2010/03/04 01:04:28 | 032,729,168 | ---- | M] ()
SA.DAT -> C:\WINNT\tasks\SA.DAT -> [2010/03/01 00:25:29 | 000,000,006 | -H-- | M] ()
system.ini -> C:\WINNT\system.ini -> [2010/02/28 22:14:38 | 000,000,293 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2010/02/28 22:14:38 | 000,000,277 | RHS- | M] ()
GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job -> C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job -> [2010/02/28 21:29:18 | 000,000,938 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/28 21:04:27 | 000,000,702 | ---- | M] ()
perfh009.dat -> C:\WINNT\System32\perfh009.dat -> [2010/02/28 20:48:39 | 000,462,938 | ---- | M] ()
perfc009.dat -> C:\WINNT\System32\perfc009.dat -> [2010/02/28 20:48:39 | 000,078,654 | ---- | M] ()
PerfStringBackup.INI -> C:\WINNT\System32\PerfStringBackup.INI -> [2010/02/28 20:48:37 | 000,551,784 | ---- | M] ()
hosts -> C:\WINNT\System32\drivers\etc\hosts -> [2010/02/28 20:45:32 | 000,000,027 | ---- | M] ()
LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2010/02/23 07:45:45 | 000,000,024 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/02/17 05:52:40 | 000,000,207 | ---- | M] ()
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | M] ()
QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | M] ()
BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:47 | 000,000,419 | ---- | M] ()
BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | M] ()
Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | M] ()
brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | M] ()
bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | M] ()
tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/15 06:54:38 | 000,095,232 | ---- | M] ()
cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2010/02/10 08:01:48 | 000,000,849 | ---- | M] ()
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->

[Files - No Company Name]
DrWeb.csv -> C:\Documents and Settings\Owner\Desktop\DrWeb.csv -> [2010/03/04 21:48:28 | 000,002,877 | ---- | C] ()
drweb-cureit.exe -> C:\Documents and Settings\Owner\My Documents\drweb-cureit.exe -> [2010/03/03 20:46:45 | 032,729,168 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/28 21:04:27 | 000,000,702 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/02/28 20:05:32 | 000,000,207 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/02/28 20:05:27 | 000,260,272 | ---- | C] ()
PEV.exe -> C:\WINNT\PEV.exe -> [2010/02/28 18:12:27 | 000,261,632 | ---- | C] ()
sed.exe -> C:\WINNT\sed.exe -> [2010/02/28 18:12:27 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINNT\grep.exe -> [2010/02/28 18:12:27 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\WINNT\MBR.exe -> [2010/02/28 18:12:27 | 000,077,312 | ---- | C] ()
zip.exe -> C:\WINNT\zip.exe -> [2010/02/28 18:12:27 | 000,068,096 | ---- | C] ()
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | C] ()
QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | C] ()
BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | C] ()
BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:46 | 000,000,419 | ---- | C] ()
Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | C] ()
brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | C] ()
bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | C] ()
CVRPAGE.BMP -> C:\WINNT\CVRPAGE.BMP -> [2010/02/16 09:37:37 | 000,006,224 | ---- | C] ()
brdfxspd.dat -> C:\WINNT\brdfxspd.dat -> [2010/02/16 09:37:34 | 000,000,000 | ---- | C] ()
maxlink.ini -> C:\WINNT\maxlink.ini -> [2010/02/16 09:35:48 | 000,027,019 | ---- | C] ()
tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | C] ()
FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010/01/25 22:10:28 | 000,532,360 | ---- | C] ()
RtlCPAPI.dll -> C:\WINNT\System32\RtlCPAPI.dll -> [2009/11/01 22:59:25 | 000,147,456 | ---- | C] ()
qt-dx331.dll -> C:\WINNT\System32\qt-dx331.dll -> [2008/09/19 16:57:34 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINNT\System32\dtu100.dll.manifest -> [2008/09/19 16:55:10 | 000,000,416 | ---- | C] ()
idxcntrs.ini -> C:\WINNT\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 000,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINNT\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 000,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINNT\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 000,031,698 | ---- | C] ()
InsDrvZD.dll -> C:\WINNT\System32\InsDrvZD.dll -> [2007/07/24 16:59:02 | 000,028,672 | ---- | C] ()
InsDrvZD64.DLL -> C:\WINNT\System32\InsDrvZD64.DLL -> [2007/07/24 16:59:02 | 000,015,872 | ---- | C] ()
(null)toolkit.ini -> C:\WINNT\(null)toolkit.ini -> [2007/07/13 18:44:31 | 000,000,113 | ---- | C] ()
ff_vfw.dll -> C:\WINNT\System32\ff_vfw.dll -> [2007/05/25 20:06:45 | 000,010,752 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINNT\System32\ff_vfw.dll.manifest -> [2007/05/25 20:06:45 | 000,000,547 | ---- | C] ()
Start.INI -> C:\WINNT\Start.INI -> [2007/05/08 05:46:49 | 000,000,032 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINNT\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] ()
kodakpcd.MarkMcCloud.ini -> C:\WINNT\kodakpcd.MarkMcCloud.ini -> [2006/06/07 07:58:38 | 000,000,023 | ---- | C] ()
LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2006/04/19 17:10:30 | 000,000,024 | ---- | C] ()
JPGUtils.dll -> C:\WINNT\System32\JPGUtils.dll -> [2006/04/19 17:09:57 | 000,187,392 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINNT\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] ()
huffyuv.ini -> C:\WINNT\huffyuv.ini -> [2006/04/11 16:27:12 | 000,000,134 | ---- | C] ()
WB.ini -> C:\WINNT\WB.ini -> [2006/03/25 01:53:47 | 000,000,072 | ---- | C] ()
wbload.dll -> C:\WINNT\System32\wbload.dll -> [2006/03/25 01:49:57 | 000,020,480 | ---- | C] ()
atid.ini -> C:\WINNT\atid.ini -> [2006/01/25 01:51:55 | 000,000,029 | ---- | C] ()
CD-Start.INI -> C:\WINNT\CD-Start.INI -> [2005/11/22 20:37:06 | 000,000,032 | ---- | C] ()
Star Trek Birth of the Federation - Editor.INI -> C:\WINNT\Star Trek Birth of the Federation - Editor.INI -> [2005/10/28 03:42:31 | 000,000,047 | ---- | C] ()
StyleBuilder.INI -> C:\WINNT\StyleBuilder.INI -> [2005/09/02 17:38:36 | 000,000,099 | ---- | C] ()
gscr.dll -> C:\WINNT\gscr.dll -> [2005/06/02 18:51:01 | 000,028,672 | ---- | C] ()
cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2005/05/08 15:58:30 | 000,000,849 | ---- | C] ()
mmpoly.ini -> C:\WINNT\mmpoly.ini -> [2005/04/11 19:00:59 | 000,000,070 | ---- | C] ()
dcstds3.dll -> C:\WINNT\dcstds3.dll -> [2005/03/11 11:09:10 | 000,000,006 | ---- | C] ()
NemuAudio08.ini -> C:\WINNT\System32\NemuAudio08.ini -> [2005/02/12 17:10:38 | 000,000,126 | ---- | C] ()
lq.dll -> C:\WINNT\lq.dll -> [2005/01/28 07:36:56 | 000,007,168 | ---- | C] ()
NMDll.dll -> C:\WINNT\System32\NMDll.dll -> [2005/01/28 07:36:55 | 000,468,480 | ---- | C] ()
yhl.dll -> C:\WINNT\yhl.dll -> [2005/01/28 07:36:54 | 000,020,480 | ---- | C] ()
ODBC.INI -> C:\WINNT\ODBC.INI -> [2005/01/08 20:54:41 | 000,000,480 | ---- | C] ()
Sfc3ng.INI -> C:\WINNT\Sfc3ng.INI -> [2005/01/01 04:50:29 | 000,000,604 | ---- | C] ()
iPlayer.INI -> C:\WINNT\iPlayer.INI -> [2004/12/23 23:58:48 | 000,000,000 | ---- | C] ()
pcfriend.INI -> C:\WINNT\pcfriend.INI -> [2004/11/15 04:32:39 | 000,000,000 | ---- | C] ()
psisdecd.dll -> C:\WINNT\System32\psisdecd.dll -> [2004/10/08 05:11:47 | 000,363,520 | ---- | C] ()
cncs232.dll -> C:\WINNT\System32\cncs232.dll -> [2004/09/15 08:32:10 | 000,286,208 | ---- | C] ()
NemuVideo.ini -> C:\WINNT\System32\NemuVideo.ini -> [2004/08/10 14:53:38 | 000,000,065 | ---- | C] ()
zlib.dll -> C:\WINNT\System32\zlib.dll -> [2004/07/23 22:52:03 | 000,053,760 | ---- | C] ()
devenum(2).dll -> C:\WINNT\System32\devenum(2).dll -> [2004/07/15 13:52:17 | 000,053,248 | ---- | C] ()
winamp.ini -> C:\WINNT\winamp.ini -> [2004/07/15 03:50:02 | 000,001,157 | ---- | C] ()
xvidvfw.dll -> C:\WINNT\System32\xvidvfw.dll -> [2004/06/06 11:53:42 | 000,155,648 | ---- | C] ()
xvidcore.dll -> C:\WINNT\System32\xvidcore.dll -> [2004/06/05 11:56:16 | 000,679,936 | ---- | C] ()
smscfg.ini -> C:\WINNT\smscfg.ini -> [2004/04/15 11:01:41 | 000,000,061 | ---- | C] ()
PCDrSystemInformation.dll -> C:\WINNT\System32\PCDrSystemInformation.dll -> [2004/04/15 10:43:24 | 000,282,624 | ---- | C] ()
PCDrKernelModeServices.dll -> C:\WINNT\System32\PCDrKernelModeServices.dll -> [2004/04/15 10:38:13 | 000,086,016 | ---- | C] ()
ProgressTrace.dll -> C:\WINNT\System32\ProgressTrace.dll -> [2004/04/15 10:38:13 | 000,065,536 | ---- | C] ()
OEMINFO.INI -> C:\WINNT\System32\OEMINFO.INI -> [2004/04/15 10:36:36 | 000,000,699 | ---- | C] ()
libeay32.dll -> C:\WINNT\System32\libeay32.dll -> [2004/03/22 13:22:30 | 000,880,128 | ---- | C] ()
ssleay32.dll -> C:\WINNT\System32\ssleay32.dll -> [2004/03/22 13:22:30 | 000,171,520 | ---- | C] ()
OpenQuicktimeLib.dll -> C:\WINNT\System32\OpenQuicktimeLib.dll -> [2004/01/27 12:13:54 | 000,421,888 | ---- | C] ()
tds3shl.dll -> C:\WINNT\System32\tds3shl.dll -> [2003/06/11 18:05:06 | 000,032,768 | ---- | C] ()
orun32.ini -> C:\WINNT\orun32.ini -> [2003/05/16 12:56:01 | 000,000,873 | ---- | C] ()
MCC16.DLL -> C:\WINNT\System32\MCC16.DLL -> [2002/12/18 15:10:36 | 000,006,048 | ---- | C] ()
OggDS.dll -> C:\WINNT\System32\OggDS.dll -> [2002/10/06 18:42:58 | 000,237,568 | ---- | C] ()
vorbisenc.dll -> C:\WINNT\System32\vorbisenc.dll -> [2002/10/04 23:04:26 | 000,921,600 | ---- | C] ()
vorbis.dll -> C:\WINNT\System32\vorbis.dll -> [2002/10/04 23:04:26 | 000,188,416 | ---- | C] ()
ogg.dll -> C:\WINNT\System32\ogg.dll -> [2002/10/04 23:04:18 | 000,045,056 | ---- | C] ()
mag.dll -> C:\WINNT\System32\mag.dll -> [2002/03/19 17:30:00 | 000,010,752 | ---- | C] ()
msvdm.dll -> C:\WINNT\System32\msvdm.dll -> [2002/03/19 16:30:00 | 000,141,824 | ---- | C] ()
Jpeg32.dll -> C:\WINNT\System32\Jpeg32.dll -> [2002/03/04 10:16:34 | 000,110,592 | R--- | C] ()
PciBus.sys -> C:\WINNT\System32\drivers\PciBus.sys -> [2001/11/19 19:05:18 | 000,003,972 | ---- | C] ()
cpuinf32.dll -> C:\WINNT\System32\cpuinf32.dll -> [2001/09/17 12:20:02 | 000,009,216 | ---- | C] ()
Canon456.dll -> C:\WINNT\System32\Canon456.dll -> [2000/11/15 17:00:00 | 000,000,019 | ---- | C] ()
sysres.dll -> C:\WINNT\System32\sysres.dll -> [1998/08/16 05:00:00 | 000,004,096 | ---- | C] ()
coinst.dll -> C:\WINNT\System32\coinst.dll -> [1980/01/01 00:00:00 | 000,049,152 | ---- | C] ()

[File - Lop Check]
InterTrust -> C:\Documents and Settings\Administrator\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
America Online -> C:\Documents and Settings\All Users\Application Data\America Online -> [2004/07/15 05:51:09 | 000,000,000 | ---D | M]
Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2005/09/26 02:50:35 | 000,000,000 | ---D | M]
Downloaded Installations -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations -> [2007/06/13 16:13:12 | 000,000,000 | ---D | M]
DriverScanner -> C:\Documents and Settings\All Users\Application Data\DriverScanner -> [2008/12/10 22:08:14 | 000,000,000 | ---D | M]
PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/07/09 18:28:54 | 000,000,000 | ---D | M]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | M]
SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2009/08/01 17:00:16 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2008/08/19 19:06:37 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/02/26 00:14:18 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2004/07/15 03:54:42 | 000,000,000 | ---D | M]
WholeSecurity -> C:\Documents and Settings\All Users\Application Data\WholeSecurity -> [2009/06/01 09:23:44 | 000,000,000 | ---D | M]
{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2010/02/15 16:06:35 | 000,000,000 | -H-D | M]
{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> [2010/01/30 11:13:40 | 000,000,000 | -H-D | M]
InterTrust -> C:\Documents and Settings\Default User\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
Adblock Pro -> C:\Documents and Settings\Guest\Application Data\Adblock Pro -> [2009/02/16 08:51:13 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Guest\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M]
acccore -> C:\Documents and Settings\Owner\Application Data\acccore -> [2006/12/29 17:11:26 | 000,000,000 | ---D | M]
Adblock Pro -> C:\Documents and Settings\Owner\Application Data\Adblock Pro -> [2008/08/25 17:18:15 | 000,000,000 | ---D | M]
Aim -> C:\Documents and Settings\Owner\Application Data\Aim -> [2004/08/11 21:31:59 | 000,000,000 | ---D | M]
Desktop Sidebar -> C:\Documents and Settings\Owner\Application Data\Desktop Sidebar -> [2008/06/22 21:24:26 | 000,000,000 | ---D | M]
Exodus -> C:\Documents and Settings\Owner\Application Data\Exodus -> [2005/02/10 17:54:19 | 000,000,000 | ---D | M]
FileMaker -> C:\Documents and Settings\Owner\Application Data\FileMaker -> [2005/09/24 15:37:20 | 000,000,000 | ---D | M]
fltk.org -> C:\Documents and Settings\Owner\Application Data\fltk.org -> [2005/02/03 00:53:12 | 000,000,000 | ---D | M]
fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:17 | 000,000,000 | ---D | M]
gen_ff v1.04 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.04 -> [2004/09/23 05:53:06 | 000,000,000 | ---D | M]
gen_ff v1.05 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.05 -> [2005/05/23 22:23:42 | 000,000,000 | ---D | M]
gen_ff v1.07 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.07 -> [2006/03/21 10:03:47 | 000,000,000 | ---D | M]
IMVU -> C:\Documents and Settings\Owner\Application Data\IMVU -> [2007/05/04 00:55:12 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Owner\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2004/08/08 16:45:01 | 000,000,000 | ---D | M]
IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2010/01/24 02:06:11 | 000,000,000 | ---D | M]
IP Lookup v2.0 -> C:\Documents and Settings\Owner\Application Data\IP Lookup v2.0 -> [2005/08/24 19:14:20 | 000,000,000 | ---D | M]
IrfanView -> C:\Documents and Settings\Owner\Application Data\IrfanView -> [2008/08/16 20:20:41 | 000,000,000 | ---D | M]
JAM Software -> C:\Documents and Settings\Owner\Application Data\JAM Software -> [2008/11/14 01:46:10 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\Owner\Application Data\JGsoft -> [2007/04/23 05:26:01 | 000,000,000 | ---D | M]
Kazaa Lite -> C:\Documents and Settings\Owner\Application Data\Kazaa Lite -> [2004/07/16 21:25:11 | 000,000,000 | ---D | M]
Kontiki -> C:\Documents and Settings\Owner\Application Data\Kontiki -> [2004/08/16 10:53:15 | 000,000,000 | ---D | M]
Offline Explorer -> C:\Documents and Settings\Owner\Application Data\Offline Explorer -> [2005/01/28 10:39:53 | 000,000,000 | ---D | M]
SanDisk -> C:\Documents and Settings\Owner\Application Data\SanDisk -> [2009/04/07 18:34:39 | 000,000,000 | ---D | M]
SecondLife -> C:\Documents and Settings\Owner\Application Data\SecondLife -> [2007/07/28 19:03:13 | 000,000,000 | ---D | M]
SecondLife(2) -> C:\Documents and Settings\Owner\Application Data\SecondLife(2) -> [2005/07/12 03:24:20 | 000,000,000 | ---D | M]
Shareaza -> C:\Documents and Settings\Owner\Application Data\Shareaza -> [2008/02/17 16:37:29 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\Owner\Application Data\Stardock -> [2008/08/19 19:18:59 | 000,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\Owner\Application Data\Thunderbird -> [2009/12/15 19:48:38 | 000,000,000 | ---D | M]
Trillian -> C:\Documents and Settings\Owner\Application Data\Trillian -> [2009/01/10 04:01:34 | 000,000,000 | ---D | M]
Uniblue -> C:\Documents and Settings\Owner\Application Data\Uniblue -> [2008/12/10 22:08:15 | 000,000,000 | ---D | M]
ViStart -> C:\Documents and Settings\Owner\Application Data\ViStart -> [2007/12/01 23:22:54 | 000,000,000 | ---D | M]
Windows Desktop Search -> C:\Documents and Settings\Owner\Application Data\Windows Desktop Search -> [2008/07/25 05:45:23 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Documents and Settings\Owner\Application Data\Windows Live Writer -> [2009/04/01 09:19:23 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\Owner\Application Data\Windows Search -> [2008/07/29 06:15:42 | 000,000,000 | ---D | M]
Witty -> C:\Documents and Settings\Owner\Application Data\Witty -> [2009/06/27 07:29:06 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\SusanCheetah\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\SusanCheetah\Application Data\InterVideo -> [2005/07/12 03:24:53 | 000,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\SusanCheetah\Application Data\Thunderbird -> [2004/09/30 17:04:05 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\SusanCheetah\Application Data\Windows Search -> [2010/02/16 05:42:21 | 000,000,000 | ---D | M]
Ad-Aware Update (Daily 1).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 1).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 2).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 3).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 4).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINNT\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %ProgramFiles%\Movie Maker\*.dll >
wmm2ae.dll -> C:\Program Files\Movie Maker\wmm2ae.dll -> [2008/04/13 19:12:09 | 000,167,936 | ---- | M] (Microsoft Corporation)
wmm2eres.dll -> C:\Program Files\Movie Maker\wmm2eres.dll -> [2008/04/13 19:12:09 | 000,004,096 | ---- | M] (Microsoft Corporation)
wmm2ext.dll -> C:\Program Files\Movie Maker\wmm2ext.dll -> [2008/04/13 19:12:09 | 000,007,680 | ---- | M] (Microsoft Corporation)
wmm2filt.dll -> C:\Program Files\Movie Maker\wmm2filt.dll -> [2008/04/13 19:12:09 | 000,402,432 | ---- | M] (Microsoft Corporation)
wmm2fxa.dll -> C:\Program Files\Movie Maker\wmm2fxa.dll -> [2008/04/13 19:12:09 | 000,502,272 | ---- | M] (Microsoft Corporation)
wmm2fxb.dll -> C:\Program Files\Movie Maker\wmm2fxb.dll -> [2008/04/13 19:12:09 | 000,325,632 | ---- | M] (Microsoft Corporation)
wmm2res.dll -> C:\Program Files\Movie Maker\wmm2res.dll -> [2008/04/13 19:12:09 | 004,256,768 | ---- | M] (Microsoft Corporation)
wmm2res2.dll -> C:\Program Files\Movie Maker\wmm2res2.dll -> [2008/04/13 19:12:09 | 000,005,632 | ---- | M] (Microsoft Corporation)
wmmfilt.dll -> C:\Program Files\Movie Maker\wmmfilt.dll -> [2002/08/29 07:00:00 | 000,110,648 | ---- | M] (Microsoft Corporation)
wmmres.dll -> C:\Program Files\Movie Maker\wmmres.dll -> [2002/08/29 07:00:00 | 000,319,542 | ---- | M] (Microsoft Corporation)
wmmutil.dll -> C:\Program Files\Movie Maker\wmmutil.dll -> [2002/08/29 07:00:00 | 000,163,897 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: ALLUSERSAPPDATA
< %SYSTEMROOT%\*.tmp >
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
< %PROGRAMFILES%\Internet Explorer\*.dll >
custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 000,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation)
iecompat.dll -> C:\Program Files\Internet Explorer\iecompat.dll -> [2009/10/01 23:44:07 | 000,092,160 | ---- | M] (Microsoft Corporation)
iedvtool.dll -> C:\Program Files\Internet Explorer\iedvtool.dll -> [2009/03/08 03:35:32 | 000,742,912 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2009/12/21 14:14:03 | 000,246,272 | ---- | M] (Microsoft Corporation)
jsdbgui.dll -> C:\Program Files\Internet Explorer\jsdbgui.dll -> [2009/03/08 03:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation)
jsdebuggeride.dll -> C:\Program Files\Internet Explorer\jsdebuggeride.dll -> [2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation)
JSProfilerCore.dll -> C:\Program Files\Internet Explorer\JSProfilerCore.dll -> [2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation)
jsprofilerui.dll -> C:\Program Files\Internet Explorer\jsprofilerui.dll -> [2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation)
pdm.dll -> C:\Program Files\Internet Explorer\pdm.dll -> [2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation)
sqmapi.dll -> C:\Program Files\Internet Explorer\sqmapi.dll -> [2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation)
xpshims.dll -> C:\Program Files\Internet Explorer\xpshims.dll -> [2009/12/21 14:14:05 | 000,012,800 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: DriveLetter
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS /md5 /s >
AGP440.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
AGP440.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
AGP440.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
AGP440.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\ERDNT\cache\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\ServicePackFiles\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\system32\dllcache\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\system32\drivers\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINNT\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS /md5 /s >
atapi.sys : .cab file -> C:\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINNT\system32\ReinstallBackups�06\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\ERDNT\cache\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\system32\dllcache\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\system32\drivers\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINNT\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
< %systemdrive%\EVENTLOG.DLL /md5 /s >
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\ERDNT\cache\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\system32\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINNT\$NtServicePackUninstall$\eventlog.dll -> [2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation)
EventLog.dll : MD5=CAD468899536326818AE00BF0A750F9C -> C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll -> [2004/12/13 10:37:30 | 000,028,791 | ---- | M] ()
< %systemdrive%\IASTOR.SYS /md5 /s >
iaStor.sys : MD5=18E3972D9632485D80D609D4674F9D83 -> C:\OEMDRVRS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
iaStor.sys : MD5=18E3972D9632485D80D609D4674F9D83 -> C:\WINNT\system32\drivers\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
< %systemdrive%\NETLOGON.DLL /md5 /s >
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\ERDNT\cache\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\system32\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINNT\$NtServicePackUninstall$\netlogon.dll -> [2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SCECLI.DLL /md5 /s >
scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINNT\$NtServicePackUninstall$\scecli.dll -> [2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\ERDNT\cache\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\system32\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
Restore point Set: OTS Restore Point (68719476736)

[Alternate Data Streams]
@Alternate Data Stream - 479 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 88 bytes -> C:\WINNT\sndvol32.exe:SummaryInformation
< End of report >

~~~~~~~~~~
VirScan

VirSCAN.org Scanned Report :
Scanned time : 2010/03/04 07:00:01 (CST)
Scanner results: Scanners did not find malware!
File Name : brunin03.dll
File Size : 147456 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 46ae67007ed872050db3ba9615283eb5
SHA1 : 07ef57b1c06da4e28800af6a90ee815b28ebdb49
Online report : http://virscan.org/r...db91830323.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100304053904 2010-03-04 6.22 -
AhnLab V3 2010.03.04.00 2010.03.04 2010-03-04 1.03 -
AntiVir 8.2.1.180 7.10.4.192 2010-03-03 0.31 -
Antiy 2.0.18 20100302.3946376 2010-03-02 0.02 -
Arcavir 2009 201003031711 2010-03-03 0.05 -
Authentium 5.1.1 201003031107 2010-03-03 1.51 -
AVAST! 4.7.4 100303-0 2010-03-03 0.01 -
AVG 8.5.720 271.1.1/2720 2010-03-03 0.25 -
BitDefender 7.81008.5367913 7.30613 2010-03-04 5.60 -
ClamAV 0.95.3 10507 2010-03-04 0.04 -
Comodo 3.13.579 4136 2010-03-03 0.93 -
CP Secure 1.3.0.5 2010.03.04 2010-03-04 0.09 -
Dr.Web 5.0.1.12222 2010.03.04 2010-03-04 5.81 -
F-Prot 4.4.4.56 20100303 2010-03-03 1.53 -
F-Secure 7.02.73807 2010.03.03.13 2010-03-03 10.40 -
Fortinet 11.546- 11.546 2010-03-03 0.21 -
GData 19.10730/19.795 20100303 2010-03-03 6.57 -
ViRobot 20100303 2010.03.03 2010-03-03 0.47 -
Ikarus T3.1.01.80 2010.03.03.75324 2010-03-03 4.93 -
JiangMin 13.0.900 2010.03.03 2010-03-03 4.92 -
Kaspersky 5.5.10 2010.03.03 2010-03-03 0.17 -
KingSoft 2009.2.5.15 2010.3.3.19 2010-03-03 0.59 -
McAfee 5.3.00 5909 2010-03-03 3.63 -
Microsoft 1.5502 2010.03.03 2010-03-03 6.78 -
Norman 6.01.09 6.01.00 2010-02-10 4.02 -
Panda 9.05.01 2010.03.03 2010-03-03 1.88 -
Trend Micro 9.120-1004 6.889.00 2010-03-03 0.03 -
Quick Heal 10.00 2010.03.03 2010-03-03 1.40 -
Rising 20.0 22.37.02.04 2010-03-03 1.07 -
Sophos 3.04.1 4.50 2010-03-04 3.61 -
Sunbelt 3.9.2406.2 5742 2010-03-03 3.00 -
Symantec 1.3.0.24 20100303.005 2010-03-03 0.05 -
nProtect 20100302.01 7621007 2010-03-02 4.49 -
The Hacker 6.5.1.7 v00220 2010-03-03 0.38 -
VBA32 3.12.12.2 20100301.2254 2010-03-01 2.71 -
VirusBuster 4.5.11.10 10.121.1/2014475 2010-03-04 2.42 -

~~~~~~~~~~
DrWeb

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Moved.;
4b03edab.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b03edab.qua;Probably Trojan.Packed.Based;;
4b03edab.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b28d602.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b28d602.qua;Probably Trojan.Packed.Based;;
4b28d602.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b56db28.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b56db28.qua;Probably Trojan.Packed.Based;;
4b56db28.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4bb5f5b1.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4bb5f5b1.qua;Probably Trojan.Packed.Based;;
4bb5f5b1.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
A0113675.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0113676.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0120496.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0120497.EXE.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.NewDotNet;Moved.;
NNWDAB638.EXE.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.NewDotNet;Moved.;
VVSNInst.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
CouponPrinter.exe\data012;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data013;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data015;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data016;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe;C:\Documents and Settings\SusanCheetah\My Documents;Container contains infected objects;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;Moved.;
mirc.exe;C:\Program Files\mIRC\backup;Program.mIRC.617;Moved.;
_desktop.ini;C:\WINNT\Resources\Themes\VistaCG127\material;Win32.HLLW.Gavir.ini;Deleted.;
_desktop.ini;C:\WINNT\Resources\Themes\VistaCG127\material\basic;Win32.HLLW.Gavir.ini;Deleted.;

~~~~~~~~~~
Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, March 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, March 05, 2010 03:03:49
Records in database: 3693272
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
H:\

Scan statistics:
Objects scanned: 95975
Threats found: 4
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 07:24:56


File name / Threat / Threats count
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113675.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113676.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120496.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120497.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc___0.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\NNWDAB638.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\VVSNInst.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1151\A0273437.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1151\A0273438.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

Selected area has been scanned.

#11 Ltangelic

Ltangelic

    Advanced Member

  • Volunteer Security Advisor
  • 211 posts

Posted 06 March 2010 - 09:57 AM

Hey,

How is your computer doing?
Lavasoft Volunteer Security Advisor




#12 Avanguard

Avanguard

    Member

  • Members
  • 23 posts

Posted 06 March 2010 - 10:09 AM

> Hey,
>
> How is your computer doing?

I haven't tried to run the Ad-Aware yet, paranoid that it might lock up on me again. But other than the scans taking quite some time to perform (it's about 8 years old), it hasn't complained too much. I'm gonna try to restore some of the items the scans have flagged (like mIRC) once I find out why Ad-Aware is locking up.

#13 Ltangelic

Ltangelic

    Advanced Member

  • Volunteer Security Advisor
  • 211 posts

Posted 08 March 2010 - 05:24 AM

Hey Avanguard,

Your logs look clean. I think the Ad Aware problem is not likely to have been caused by malware. Are there any more issues you would like to raise before I post the prevention speech? :(
Lavasoft Volunteer Security Advisor




#14 Avanguard

Avanguard

    Member

  • Members
  • 23 posts

Posted 09 March 2010 - 02:12 AM

> Hey Avanguard,
>
> Your logs look clean. I think Ad Aware problem is not likely to have been caused by malware. Are there any more issues you would like to raise before I post the prevention speech? ;)


If the logs are clean, then why do you suppose Ad-Aware keeps locking up when I try to view its detection report? Should I go through the headache of re-downloading it, uninstalling again, and reinstalling? Is there a surefire way to get it to work like it is supposed to as opposed to locking up?

Though downloading it will be a headache either way. The internet connection has been very unstable since last December. It disconnected me 15 times just trying to post this reply.

#15 Ltangelic

Ltangelic

    Advanced Member

  • Volunteer Security Advisor
  • 211 posts

Posted 09 March 2010 - 02:48 PM

Hey Avanguard,

mIRC is a P2P program that can bring about security risks due to its file-sharing capability; it's highly recommended that you uninstall it and don't install it again. It could be the very source of viruses on your computer.

Unfortunately, I could not see anything in your log that could have caused the AdAware to freeze, and I doubt it is caused by virus block. As you have said, your computer is 8 years old; it's very likely that the RAM (random access memory) size or your computer's functionality is what causes the slow scanning time. As for the freezing problem, you'll have to contact AdAware directly to sort out the problem, as I am not familiar with the inner workings of this software. Regarding the internet connection, please contact your ISP and they will provide the necessary help to sort out the problem. It could be a modem problem, which will be beyond my expertise.

Anyway, I'll post the cleaning speech and prevention speech now since your logs are clean. ;)

Cleanup

1) Update Adobe Reader

Please uninstall the current version of Adobe you have and go here to install the latest version.

2) Disable "Show Hidden Files and Folders" Option
  • Go to Start>Control Panel and go under Appearances and Themes
  • Click on Folder Options and go under View tab
  • Ensure that "Show hidden files and folders" is NOT ticked and click Apply
3) Remove Tools With OTC

Please download OTC.
  • Save it to your desktop.
  • Double Click on OTC.exe, a window will appear.
  • Please press the CleanUp! Button.
  • You may be asked to reboot, click "Yes".
4) Uninstall ComboFix
  • Click START then RUN
  • Now type ComboFix /uninstall in the runbox and click OK. Note the space between the x and the /, it needs to be there.
5) Re-enable Avira Antivir
  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
  • Right-click on the icon and check the option AntiVir Guard enable.
  • Restart your computer.
6) Run TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.
7) Reset System Restore Points

You should create a new Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory, your tools cannot access it to delete these files, and they can sometimes reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the new Restore Point a name, then click "Create".
  • The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr.exe
  • Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  • These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.


Additional information
Microsoft KB article: How to turn off and turn on System Restore in Windows XP
Bert Kinney's site: All about Windows System Restore


Prevention Speech

Below are some recommendations to protect your computer against malware infections.

1) Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

2) To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

Complementary programs (these do not conflict with any software that offers real-time protection)

* SpywareBlaster - Prevents malicious ActiveX controls from installing in the first place, reducing your chances of spyware infection.
* IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites which actually install malicious code onto your system. (Tutorial available here)
* MVPS Hosts file - Replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

Firewalls

You should also have a good firewall. Here are 4 free ones available for personal use (please turn OFF your Windows firewall after installing ONE of the following):

* Sygate Personal Firewall
* Kerio Personal Firewall
* ZoneAlarm
* Comodo Firewall Pro

It is critical to have only ONE firewall, ONE anti virus and ONE anti-spyware resident protection running to protect your system and to keep them updated. Take note that not ALL programs offer real time protection, for a list of programs that DO offer real time protection, look here

3) Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
4) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

5) Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me if there are any further problems. If everything is working properly, I will mark this as Resolved.
Lavasoft Volunteer Security Advisor




#16 Ltangelic

Ltangelic

    Advanced Member

  • Volunteer Security Advisor
  • 211 posts

Posted 16 March 2010 - 02:33 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
Lavasoft Volunteer Security Advisor




#17 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • 8814 posts

Posted 20 March 2010 - 06:17 PM

Topic re-opened at the request of Member ;) He's got a slow connection and has some trouble getting back in but he had some questions for you, Lt
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#18 Avanguard

Avanguard

    Member

  • Members
  • 23 posts

Posted 21 March 2010 - 02:59 AM

Thank you. I'll keep it brief. :)

I tried the firewalls, particularly Zone Alarm. I found out that firewalls don't play nice with my ISP's connection software client. It in fact makes it near impossible to connect to the internet. My ISP's tech support line said to just disable it.

I've updated Adobe Reader, added in SpywareBlaster, and already use Firefox (since version 0.8).

Ad-Aware insists there are now at least 62 detections when it does a smart scan, but it still hangs and locks up when it tries to display them. So unfortunately I don't have a clue what to do anymore. But I did put some of the suggestions in this thread to use.

#19 Ltangelic

Ltangelic

    Advanced Member

  • Volunteer Security Advisor
  • 211 posts

Posted 02 April 2010 - 01:03 PM

I am really sorry for the delay, somehow my email notification has not worked as it should. Do you still need help?
Lavasoft Volunteer Security Advisor




#20 Avanguard

Avanguard

    Member

  • Members
  • 23 posts

Posted 03 April 2010 - 08:07 PM

> I am really sorry for the delay, somehow my email notification has not worked as it should. Do you still need help?


That's okay, mine doesn't tell me either, so I have to check for replies directly.

Anyway, do you think an older version of Ad-Aware would help, since the current version keeps flaking out on me? Such as reverting to Ad-Aware 2007/2008?

And would anyone happen to know of a firewall that plays nice with AOL ISP client off-shoots (Netscape Connect)?



