BWarriner

Everything posted by BWarriner

  1. Ok, thanks. On a side note, when you go to Lavasoft's main page here: https://www.adaware.com, then click on "Community" > "Forum", it just reroutes back to the main page with this URL: https://www.adaware.com/community?mkey1=DIRECT&https://forum.adaware.com . This has been happening in both Microsoft Edge and IE for the past several weeks. I have to Google search for Lavasoft Adaware Forum to get the correct URL: https://forum.adaware.com/
  2. Thanks for the tips. I uninstalled AdAware, rebooted, then I downloaded and ran your Lavasoft AdAware Removal Tool (https://www.adaware.com/removal-tool). After restarting, I happened to check "Show which icons to appear on the taskbar" and I see 2 instances of AdAwareTray.exe that still appear as icons even after uninstalling Adaware and running the removal tool (which I anticipate may have been a side effect of my problem). I did an online search and found both a Microsoft discussion that involves a manual removal/reset process: https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/uninstalled-items-are-still-showing-in-under-start/7c9b7ca8-18d2-4d43-bda0-4b9ba4b16587 and a separate forum discussion on tenforums.com that includes a .bat file that automates the icon cache reset process: https://www.tenforums.com/tutorials/5662-reset-notification-area-icons-windows-10-a.html This cleared the 2 instances of AdAwareTray.exe that were appearing. I reinstalled a clean version of AdAware (Version 12.10.142.0); however, the icon still does not appear to display anything when hovering over it with your mouse. Maybe it's not supposed to?
  3. Some months ago, I let my OCD get the best of me and attempted to correctly respell the Adaware startup menu folder and taskbar icon to include the capital "A" at the beginning (vs. the adaware folder/icon that appears now). In doing so, I believe I corrupted the taskbar icon so now when you hover over it with your mouse, it doesn't display any name at all. I uninstalled/reinstalled Adaware, eventually leaving the startup menu folder to just "adaware" (and its subfolders to "adaware antivirus" and "adaware antivirus support"); however, even after a clean installation, the taskbar tray icon simply doesn't reflect any name when hovering over it (say vs. Norton 360 that displays "Norton 360" when hovering over it). I was wondering if there is a way to fix this? Currently using Adaware Antivirus Free version 12.10.142.0. However, this issue persisted in the past couple of versions as well. Thanks.
  4. Upon rebooting my computer today (Windows 7 Pro), I received an error message from BitDefender Threat Scanner, "A problem has occurred in BitDefender Threat Scanner. A file containing error information has been created at C:\Windows\TEMP\8040f9f7-70e0-469a-90a3-4c125905613c\Bit Defender Threat Scanner.dmp. You are strongly encouraged to send the file to the developers of the application for further investigation of the error." This occurs at both reboot as well as if I attempt to manually start Adaware Antivirus. Any suggestions?
  5. Thanks for the information and no worries. This Dimension XPS 2nd generation desktop is really old (12+ years) but it still works just fine (albeit very slowly). Unfortunately, I am not able to upgrade to Windows 7 cleanly without having to scour Dell for additional drivers, etc., which is also one of the reasons I never updated AdAware on it either, since I have heard that the newer versions conflict with Norton more critically than previous versions did. The system is really old, and I have been saving up for a new one before installing. I will delete the Upgrade Advisor and download directly from Microsoft. Thanks for your support and assistance.
  6. Still running Adaware 9.6.0 and it flags the CNet Windows 7 Upgrade Advisor.exe as a possible Trojan. Please let me know if this is a False Positive? Thanks. Scan_2014-08-30-12-31-17.log cnet2_Windows7UpgradeAdvisorSetup_exe.zip
  7. Thanks, CeciliaB, for those links. It's good to know that Lavasoft has moved to a full-featured product. When my Norton360 license expires, I will most likely remove Norton360 and purchase the full version of AdAware 10 and run just the one program. I have to admit, the times in the past that I have had issues, I've found Lavasoft's support forums' Moderator suggestions and resolution team have always resolved my issues second to none. I can't say that about Norton at all.
  8. Glad I found this thread. I had waited on AdAware 10 for several months before installing it. I did a clean uninstall of AdAware 9, went to install 10, and can't get past the 'Please uninstall Norton 360 to continue' prompt. AdAware 9 worked well in conjunction with Norton 360 (although, over the last couple of months, I would receive error shut down messages for AdAware 9 that I believe were conflicting with Norton 360) but both apps still appeared to work together most of the time. Hopefully, the good folks at Lavasoft will figure out how to get AdAware 10 to work simultaneously with Norton products in the future.
  9. The problem now is that I am unable to remove, edit, or modify the GUI listing under the Quarantine tab. Whatever I attempt to do to remove the listing doesn't work; it just reverts back to 'Do Nothing'. I thought it had fixed itself once I rebooted, but it simply reappeared under the Quarantine tab. How do I remove this listing from the GUI?
  10. Ok, next question. I want to restore this instance back to the original Norton 360 location. Every time I click on restore from the Quarantine tab in Ad-Aware, all it does is display 'Do Nothing' immediately afterwards. If I click on 'Custom' it adds the instance to the Ignore List. I am unable to remove or restore this instance at all from Ad-Aware. Removing the file from C:Documents and Settings > Application Data > Lavasoft > Quarantine folder doesn't affect the listing, nor does removing C:Documents and Settings > Application Data > Lavasoft > Logs text file do anything to change what appears in the Quarantine GUI. Any advice?
  11. Based on your guide for posting False Positives, the download instructions for XP state to navigate to: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine which is what I zipped above already. The location that the potential FP was quarantined from within the Norton folder is inaccessible to me at all. I receive an "Access is Denied" message. Should I be looking for this file somewhere else? I did a physical search for "e2f37708.tmp" and found nothing on the C drive. I would like to add, it occurred to me that about a week or so ago, Norton 360 stopped a trojan while browsing the internet via Sandboxie. Since this is the first time I have run across malware while sandboxed, how does that instance interact with Norton 360? I believe that once I close Sandboxie the malware is removed, or because Norton 360 caught it, it still makes a record within its own files possibly?
  12. Currently residing in the Quarantine of Adaware, please let me know if this is a false positive. Based on what Adaware is telling me, will it automatically delete upon reboot?
  13. akcan, can you please create a separate thread for your issue so I can get a more expedited response for mine?
  14. The latest build (11614?) caught this .exe which I believe is part of the ERUNT backup registry tool. Skipped items: Description: c:\windows\erdnt\4-5-2011\erdnt.exe Family Name: FraudTool.Win32.AVSoft (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 89afdd29832aa923926bdd4b5f5243d5
  15. Scanned tonight and found this in restore point: Skipped items: Description: c:\system volume information\_restore{7a6f618d-78bf-4e7a-b2b6-97391d98afc5}\rp88\a0011353.exe Family Name: FraudTool.Win32.AVSoft (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 89afdd29832aa923926bdd4b5f5243d5 Scan and cleaning complete: Finished correctly after 15995 seconds I suspect it is a false positive, but please clarify. Thanks.
  16. CeciliaB wrote (Aug 15 2011, 06:51 AM): "Hi BWarriner, I can't see any malicious files in your logs and I don't believe that you have downloaded anything bad." Ok, thanks for checking.
  17. OTL Extras logfile created on: 8/13/2011 11:55:33 AM - Run 1 OTL by OldTimer - Version 3.2.26.1
  18. OTL logfile created on: 8/13/2011 11:55:33 AM - Run 1 OTL by OldTimer - Version 3.2.26.1
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\ctsblfx.dll (Creative Technology Ltd) DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\ctaudfx.dll (Creative Technology Ltd) DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\commonfx.dll (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (EMATCORE) -- C:\WINDOWS\system32\drivers\AtlsVid.sys (Dell Computer Corporation) DRV - (AtlsAud) -- C:\WINDOWS\system32\drivers\AtlsAud.sys (Dell Computer Corporation) DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com/"]http://www.google.com/[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/09 13:19:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/07/07 09:39:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_0_8 [2011/08/13 11:14:19 | 000,000,000 | ---D | M] [2010/05/18 17:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and 
Settings\xxxxxx\Application Data\Mozilla\Extensions [2010/05/18 17:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxxxxx\Application Data\Mozilla\Extensions\[email protected] O1 HOSTS File: ([2010/05/15 10:33:04 | 000,607,013 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 ads.active.com O1 - Hosts: 127.0.0.1 am1.activemeter.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ad2games.com O1 - Hosts: 127.0.0.1 cms.ad2click.nl O1 - Hosts: 127.0.0.1 ads.ad2games.com O1 - Hosts: 127.0.0.1 content.ad20.net O1 - Hosts: 16040 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) 
O4 - Startup: C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites) O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab"]http://download.macromedia.com/pub/shockwa...director/sw.cab[/url] (Shockwave ActiveX Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [url="http://www.evite.com/html/imageUpload/ImageUploader5.cab"]http://www.evite.com/html/imageUpload/ImageUploader5.cab[/url] (Image Uploader Control) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} [url="https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab"]https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab[/url] (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Dell.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Dell.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/14 07:54:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/08/13 11:54:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xxxxxx\Desktop\OTL.exe [2011/08/09 17:36:09 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2011/08/09 17:35:46 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2011/08/08 17:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie [2011/07/17 17:40:44 | 000,289,280 | ---- | C] (InstallShield Corporation, Inc.) 
-- C:\WINDOWS\uninst.exe [2011/07/17 17:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\WINDOWS [2011/07/15 00:38:46 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2010/05/17 19:46:28 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [color="#E56717"]========== Files - Modified Within 30 Days ==========[/color] [2011/08/13 11:54:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxx\Desktop\OTL.exe [2011/08/13 11:29:48 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-764733703-725345543-1003.job [2011/08/13 11:29:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-764733703-725345543-1003.job [2011/08/13 11:27:12 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\xxxxxx\Desktop\Outlook 2007.lnk [2011/08/13 11:24:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/08/13 11:14:56 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/08/13 11:14:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/08/13 11:13:59 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/08/13 11:13:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/08/12 23:51:46 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx [2011/08/12 23:51:46 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx [2011/08/12 23:51:46 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx [2011/08/12 23:51:46 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx [2011/08/12 23:51:46 | 000,001,080 | ---- | M] () 
-- C:\WINDOWS\System32\settingsbkup.sfm [2011/08/12 23:51:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2011/08/12 23:51:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat [2011/08/12 23:51:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat [2011/08/12 17:26:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/08/12 17:26:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/08/09 17:56:54 | 000,484,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/08/09 17:56:54 | 000,080,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/08/09 17:54:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/08/09 17:53:55 | 002,004,220 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2011/08/08 17:39:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2011/08/08 17:37:51 | 000,002,302 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2011/08/08 17:25:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Desktop\Sandboxed Web Browser.lnk [2011/07/30 11:34:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Desktop\Word 2007.lnk [2011/07/25 19:23:14 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Desktop\Excel 2007.lnk [2011/07/25 10:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2011/07/15 00:38:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2011/08/08 17:37:51 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Desktop\Sandboxed Web Browser.lnk [2011/04/23 01:17:58 | 000,000,064 | ---- | C] () -- 
C:\WINDOWS\System32\rp_stats.dat [2011/04/23 01:17:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/04/15 18:57:44 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/17 20:00:51 | 000,027,404 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Local Settings\Application Data\rx_audio.Cache [2010/12/05 11:50:39 | 000,142,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/07/25 21:43:01 | 000,052,220 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/06/13 11:10:01 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI [2010/05/28 15:04:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI [2010/05/28 14:47:20 | 000,127,786 | ---- | C] () -- C:\WINDOWS\hpgins23.dat [2010/05/28 14:47:20 | 000,000,280 | ---- | C] () -- C:\WINDOWS\hpgmdl23.dat [2010/05/21 22:16:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2010/05/19 00:17:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll [2010/05/17 22:40:05 | 000,716,976 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Local Settings\Application Data\rx_image32.Cache [2010/05/17 20:28:26 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat [2010/05/17 20:28:26 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat [2010/05/17 20:15:42 | 000,000,260 | ---- | C] () -- C:\WINDOWS\ARFolder.INI [2010/05/17 19:48:22 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2010/05/17 19:48:18 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2010/05/17 19:47:33 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini [2010/05/17 19:47:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010/05/17 19:47:10 | 000,232,723 | ---- | C] () -- 
C:\WINDOWS\System32\ctstatic.dat [2010/05/17 19:47:02 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2010/05/17 19:47:01 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2010/05/17 19:47:01 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2010/05/17 19:47:01 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2010/05/17 19:46:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2010/05/17 19:46:48 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2010/05/17 19:46:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE [2010/05/17 19:46:45 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2010/05/17 19:46:45 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2010/05/17 19:46:22 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat [2010/05/17 19:46:03 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat [2010/05/17 01:01:28 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2010/05/17 01:01:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\edtExt.dll [2010/05/16 12:15:47 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/05/15 10:50:04 | 000,002,302 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010/05/14 22:01:16 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL [2010/05/14 22:01:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2010/05/14 21:26:29 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Local Settings\Application Data\fusioncache.dat [2010/05/14 20:02:26 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2010/05/14 20:02:25 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2010/05/14 19:50:57 | 000,102,400 | R--- | C] () -- C:\WINDOWS\scrub2k.exe [2010/05/14 19:50:57 | 000,000,126 | R--- | C] () -- C:\WINDOWS\hpw9600k.ini [2010/05/14 19:50:01 | 000,014,136 | ---- | C] () -- C:\WINDOWS\hpdj9600.ini [2010/05/14 
19:17:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2010/05/14 19:06:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010/05/14 19:05:12 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2010/05/14 08:46:01 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat [2010/05/14 08:44:55 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2010/05/14 08:27:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010/05/14 07:58:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/05/14 07:52:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/05/14 02:36:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/05/14 02:35:09 | 000,261,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll [2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe [2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat [2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe [2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll [2003/07/16 11:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/07/16 11:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003/07/16 11:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/07/16 11:35:06 | 000,484,092 | ---- | C] () -- 
C:\WINDOWS\System32\perfh009.dat [2003/07/16 11:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/07/16 11:35:03 | 000,080,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003/07/16 11:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/07/16 11:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/07/16 11:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/07/16 11:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/07/16 11:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [color="#E56717"]========== LOP Check ==========[/color] [2010/05/17 21:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow [2010/05/19 00:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010/05/17 21:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets [2010/05/17 21:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc [2011/05/14 00:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/05/17 21:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2010/05/18 18:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/07/16 18:17:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E} [2010/12/13 13:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Application Data\Amazon [2010/11/06 00:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/05/17 21:49:36 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\xxxxxxx\Application Data\GetRightToGo [2010/06/11 21:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Application Data\ICAClient [2010/05/17 21:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Application Data\Simple Star [2011/05/09 21:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Application Data\Tific [2010/05/16 18:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Application Data\Windows Search [2011/08/13 11:14:56 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFA09BFC < End of report >
  19. I recently fell for a data mining/spamming technique while using Craigslist for the first time to sell some old furniture (disappointed that in all the reading on Craigslist's website about what cons to avoid, they did not mention this scam), but essentially, the data miner/spammer poses as an interested buyer, but deliberately leaves a phone number with no area code so that when you call and can't reach anyone, you reply back to the spammer's email requesting additional clarification, then you subsequently begin receiving spam on that email address... Ironically, I have only received 1 spam to date (this occurred about 2-3 weeks ago, and the spammer actually included the original subject line reply from my Craigslist post) and the spam was attempting to get me to click on a link for a "Free iPad", which they had masked the link URL in the email. Since I was Sandboxed at the time of reading the email, I clicked on the link to see what would happen. While Sandboxed, I watched the URL address change several times, before the site finally loaded, however, before I could proceed on their site another popup box appeared with a 'no spam' logo on it (not sure if it was trying to determine if I was a real person or a bot), but required that I had to click on it to proceed into their site. At this time, I simply closed the browser and terminated it in Sandboxie. Now my computer has always run a little slow since I installed MVPS Hosts and I run Sandboxie, and I do not appear to have any obvious infections (neither Ad-Aware nor Norton 360 has caught anything) but my question would be should I be alarmed or concerned that I may have inadvertently downloaded something from their website, or, have I just verified to the spammer that I am in fact a live person at that email address by simply clicking on their link?
  20. Ad-Aware version: 9.0.0 Extended engine: 3 Extended engine version: 3.1.2770 I believe this is a false-positive, but can you confirm please?
  21. I've noticed the last 5-8 times of running a full system scan (approximately once a week on Fridays), when the report is generated upon completion, it states that ~35447 objects were scanned (much fewer than the ~300k objects scanned before in the past.) I've actually run Ad-Aware 'Full Scan' and watched the counter pass 35447 then leave and when I view the scan report upon completion, it always reports that it only scanned ~35447 objects. Is this something specific to Ad-Aware 8.2, is there a bug, or is it normal, or do you think my system is infected? While my system is generally slow (has been ever since I updated to Windows XP Pro SP3) I don't believe my system is infected and I've run Symantec Norton as well as Malwarebytes with no issues. I'm running a 3.0GHz P4, Windows XP Pro SP3, IE8, and Ad-Aware 8.2.