HEEEEEEEEELP!INFECTION! [RESOLVED] - Geeks to Go Forums

#1 Daian

  • Group: Member
  • Posts: 13
  • Joined: 08-December 07

Posted 08 December 2007 - 09:32 AM

HELP! My computer is infected! It is working really really slow and does strange things like making a beeping sound while I'm working on it (without a break), closing programs without a decent warning and doing things I don't ask for. I downloaded the trial version of Bitdefender (latest edition). Result of scan: critical warning at PC security, network security and identity control, and requires attention at parental control. I also downloaded the trial version of Spyware Doctor 5. Result of scan: 3 threats: spyware known bad sites, spyware.rogue_antispyware and adware.winfixer. The SD doesn't allow me to remove the threats without purchasing the full version. I have Windows XP Home Edition.

This is the Logfile of HijackThis v1.99.1
Scan saved at 16:55:47, on 08.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\DIANA\Desktop\HT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 08 December 2007 - 11:26 AM

Hi there Daian, let's see if I can help :) First off, I would suggest you uninstall the trial versions of Bitdefender and Spyware Doctor, as they may get in my way.

To start .....

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

NEXT

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\hporclnr.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

FINALLY FOR NOW

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Logs required : OTMoveit, Combofix and a new Hijackthis log

#3 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 09 December 2007 - 06:21 AM

Thanks a lot for your help & I hope this is the right place for posting my reply (my brain is encountering some virus symptoms too lately). Here are my new HijackThis log and the ComboFix log:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:26, on 09.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DIANA\Desktop\HT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

R3 MOSUMAC;USB-Ethernet Driver;C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 12:06:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-09 12:07:32
.
--- E O F ---
thanks again!
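
Comparing the two HijackThis logs posted so far shows whether the requested fix took effect and what the uninstalls left behind. The following is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the sample logs are short excerpts constructed from entries posted above.

```python
import re

# Section codes HijackThis prefixes to each entry (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Markers HijackThis appends when the file behind an entry is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed excerpt of the first log in the thread (before the fix).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""

# Constructed excerpt of the second log (after the fix and the uninstalls).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
"""

# The entry the helper asked to tick before pressing "Fix Checked".
FIX_LINES = [r"O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe"]


def parse_entries(log_text):
    """Return the set of (section, detail) entries in a HijackThis log.

    Header lines and the 'Running processes' list do not match the
    section prefix and are ignored.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def compare_logs(before_text, after_text, fix_lines):
    """Diff two logs and check the requested fixes against the newer one."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    targets = parse_entries("\n".join(fix_lines))
    return {
        # Entries that disappeared between the two scans.
        "removed": sorted(before - after),
        # Entries that are new or changed in the second scan.
        "added": sorted(after - before),
        # Requested fixes that are still listed: the fix did not stick.
        "still_present": sorted(targets & after),
        # Requested fixes that never matched the first log (copy/paste slip).
        "not_in_before": sorted(targets - before),
        # Registrations whose file is gone, e.g. uninstall leftovers.
        "orphans": sorted(e for e in after if e[1].endswith(ORPHAN_MARKERS)),
    }


if __name__ == "__main__":
    report = compare_logs(BEFORE_LOG, AFTER_LOG, FIX_LINES)
    for key, entries in report.items():
        print(f"{key}:")
        for section, detail in entries:
            print(f"  {section} - {detail}")
```

On these excerpts the fixed Run entry is gone, and the BitDefender toolbar registration survives the uninstall as a `(no file)` O3 entry.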

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 09 December 2007 - 07:01 AM

Hi there Daian, I am missing all of the ComboFix scan - could you repost it please :)

#5 Daian

  • Group: Member
  • Posts: 13
  • Joined: 08-December 07

Posted 09 December 2007 - 10:47 AM

ComboFix 07-12-09.1 - DIANA 2007-12-09 18:31:40.2 - NTFSx86
Running from: C:\Documents and Settings\DIANA\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-07 20:08 . 2007-12-09 11:32 121 --a------ C:\WINDOWS\bdagent.INI
2007-12-07 19:56 . 2007-12-09 11:40 <DIR> d-------- C:\Program Files\BitDefender
2007-12-07 00:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-07 00:02 . 2007-12-09 11:39 <DIR> d-------- C:\Documents and Settings\DIANA\Application Data\PC Tools
2007-12-06 23:38 . 2007-12-09 11:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 23:38 . 2007-12-07 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-02 16:09 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-02 16:09 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-02 16:09 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-25 20:57 . 2003-03-11 11:04 266,240 --a------ C:\WINDOWS\system32\hpdj3500
2007-11-25 20:57 . 2003-10-17 16:31 138,577 --a------ C:\WINDOWS\hpdj3500.hi1
2007-11-25 20:57 . 2003-10-17 16:31 7,309 --a------ C:\WINDOWS\hpdj3500.bu1
2007-11-25 20:11 . 2007-11-25 20:11 <DIR> d-------- C:\Documents and Settings\DIANA\Application Data\HP
2007-11-21 16:23 . 2007-11-21 16:23 0 --a------ C:\OrbPVR.db
2007-11-21 15:47 . 2007-11-21 15:47 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-21 15:47 . 2007-11-24 16:12 16 --a------ C:\WINDOWS\system32\coh.cache
2007-11-21 15:16 . 2007-12-06 22:37 <DIR> d-------- C:\Program Files\Symantec
2007-11-21 15:16 . 2007-12-06 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-21 15:15 . 2007-12-06 22:39 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-11 11:48 . 2007-11-11 11:48 <DIR> d-------- C:\Xpc
2007-11-11 10:56 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-11 10:56 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-11 10:56 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-11 10:55 . 2007-11-11 10:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-11 10:53 . 2007-11-11 10:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-11 10:53 . 2007-11-11 10:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 19:42 --------- d-----w C:\Program Files\Ahead
2007-12-07 19:02 --------- d-----w C:\Program Files\MSN Messenger
2007-12-07 19:01 --------- d-----w C:\Program Files\Winamp
2007-12-06 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-11-25 18:57 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-11 07:59 --------- d-----w C:\Program Files\DivX
2007-10-31 22:06 --------- d-----w C:\Documents and Settings\DIANA\Application Data\Winamp
2007-10-22 15:52 --------- d-----w C:\Documents and Settings\DIANA\Application Data\Yahoo!
2007-10-14 08:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 07:57 3,294,208 ----a-w C:\StrongDC.exe
2007-10-13 22:12 --------- d-----w C:\Program Files\Bit Lord 1.1
2007-10-13 22:02 --------- d-----w C:\Program Files\Winamp Remote
2007-10-13 10:20 --------- d-----w C:\Program Files\Winamp Toolbar
2007-10-13 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-10-13 10:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-12 21:38 --------- d-----w C:\Program Files\Google
2007-10-12 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-12 14:28 --------- d-----w C:\Program Files\Yahoo!
2007-10-12 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-12 09:36 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-10-10 20:04 --------- d-----w C:\Program Files\HP
2007-10-10 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-10 17:16 --------- d--h--w C:\Program Files\Agilent-HP
2007-10-10 17:14 --------- d-----w C:\Documents and Settings\Lucia\Application Data\HP
2004-08-21 08:30 56 --sh--r C:\WINDOWS\system32\F81B67F41C.sys
2004-08-21 08:30 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
...back with the ComboFix scan after the slight problem with the reply... sry & thanks!

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 09 December 2007 - 11:24 AM

Thank you Daian - so to work :)

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\hpdj3500
C:\WINDOWS\hpdj3500.hi1
C:\WINDOWS\hpdj3500.bu1
C:\WINDOWS\system32\F81B67F41C.sys



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT

Could you look in this folder and copy the name of one or more .exe files, or if you know what programme it is related to, could you tell me: C:\Xpc

FINALLY

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

How is your computer now - is it behaving itself?

#7 Daian

  • Group: Member
  • Posts: 13
  • Joined: 08-December 07

Posted 09 December 2007 - 12:16 PM

WinPFind3 logfile created on: 09.12.2007 20:00:26
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\DIANA\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

255,48 Mb Total Physical Memory | 86,02 Mb Available Physical Memory | 33,67% Memory free
618,30 Mb Paging File | 406,76 Mb Available in Paging File | 65,79% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 2,75 Gb Free Space | 28,20% Space Free
Drive D: | 47,49 Gb Total Space | 47,43 Gb Free Space | 99,86% Space Free
Drive E: | 129,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free
F: Drive not present or media not loaded

Computer Name: TRIF-LUCIA
Current User Name: DIANA
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 03.09.2006 01:36:34 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5014 | Size = 335872 bytes | Modified Date = 05.06.2003 11:35:00 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 14.10.2007 10:06:56 | Attr = ]
hp1005mc.exe -> %System32%\spool\drivers\w32x86\3\HP1005MC.EXE -> Software 2000 Limited [Ver = 4.0.0.34 | Size = 69632 bytes | Modified Date = 13.09.2006 15:25:00 | Attr = ]
hporclnr.exe -> %SystemDrive%\_OTMoveIt\MovedFiles\WINDOWS\hporclnr.exe -> [Ver = | Size = 104960 bytes | Modified Date = 11.08.2006 17:02:04 | Attr = R ]
monitor.exe -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 18.11.2003 16:20:46 | Attr = ]
orb.exe -> %ProgramFiles%\Winamp Remote\bin\Orb.exe -> Orb Networks, Inc. [Ver = 1, 2007, 731, 1315 | Size = 73728 bytes | Modified Date = 02.08.2007 03:02:12 | Attr = ]
orbtray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> Orb Networks [Ver = 2, 2007, 1007, 1530 | Size = 360448 bytes | Modified Date = 08.10.2007 02:18:50 | Attr = ]
orderreminder.exe -> %ProgramFiles%\Hewlett-Packard\OrderReminder\OrderReminder.exe -> Hewlett-Packard [Ver = 2, 1, 1, 29 | Size = 98304 bytes | Modified Date = 22.12.2005 06:00:24 | Attr = R ]
pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 28.11.2007 19:51:12 | Attr = ]
pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 28.11.2007 19:51:12 | Attr = ]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 08.06.2007 16:59:38 | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 10.10.2007 07:28:32 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21.11.2007 09:19:46 | Attr = ]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30.08.2007 16:43:18 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe -> [Ver = | Size = 282624 bytes | Modified Date = 03.06.2003 04:30:20 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0011 | Size = 114688 bytes | Modified Date = 05.06.2003 11:35:00 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 03.09.2006 01:36:34 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04.08.2004 09:56:48 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 12.10.2007 15:48:50 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 03.09.2006 01:36:34 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 28.11.2007 19:51:12 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10.10.2007 19:51:56 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5014 | Size = 335872 bytes | Modified Date = 05.06.2003 11:35:00 | Attr = ]
BitDefender Antiphishing Helper -> %ProgramFiles%\BitDefender\BitDefender 2008\IEShow.exe -> File not found
HP OrderReminder Cleaner -> %SystemDrive%\_OTMoveIt\MovedFiles\WINDOWS\hporclnr.exe -> [Ver = | Size = 104960 bytes | Modified Date = 11.08.2006 17:02:04 | Attr = R ]
OrderReminder -> %ProgramFiles%\Hewlett-Packard\OrderReminder\OrderReminder.exe -> Hewlett-Packard [Ver = 2, 1, 1, 29 | Size = 98304 bytes | Modified Date = 22.12.2005 06:00:24 | Attr = R ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 28.11.2007 19:51:12 | Attr = ]
Ulead AutoDetector -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 18.11.2003 16:20:46 | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 10.10.2007 07:28:32 | Attr = ]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 08.06.2007 16:59:38 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MsnMsgr -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> File not found
Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> Orb Networks [Ver = 2, 2007, 1007, 1530 | Size = 360448 bytes | Modified Date = 08.10.2007 02:18:50 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 14.10.2007 10:06:56 | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30.08.2007 16:43:18 | Attr = ]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 08.06.2007 16:59:38 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 05.09.2007 23:48:58 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 05.09.2007 23:48:58 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 22:08:42 | Attr = ]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} [HKLM] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar BHO] -> AOL LLC [Ver = 5.1.6.2 | Size = 1135968 bytes | Modified Date = 04.10.2007 22:06:22 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 31.10.2006 22:33:52 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19.01.2007 22:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 14.10.2007 10:06:56 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19.01.2007 22:55:32 | Attr = R ]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKLM] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.6.2 | Size = 1135968 bytes | Modified Date = 04.10.2007 22:06:22 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 05.09.2007 23:48:58 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19.01.2007 22:55:32 | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19.01.2007 22:55:32 | Attr = R ]
WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKLM] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.6.2 | Size = 1135968 bytes | Modified Date = 04.10.2007 22:06:22 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 05.09.2007 23:48:58 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Winamp Toolbar Search -> %AllUsersAppData%\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6B6B801C-6D2A-4B05-A7DE-32F9C64481A2} -> (HighSpeed USB-Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000055-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.micros...cs/i386/fhg.CAB ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> Yahoo! Toolbar - CodeBase = http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> #%Ñp˜åÅà 5̪=Šbfe5ad35
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> ?PI82˜P’ç ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> ìV*oFÊ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> ÅâÒè»Qì§c7_ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> \AϬëÈ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> €oã”øyÄ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1721 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6B6B801C-6D2A-4B05-A7DE-32F9C64481A2} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->

[Files/Folders - Created Within 30 days]
OrbPVR.db -> %SystemDrive%\OrbPVR.db -> [Ver = | Size = 0 bytes | Created Date = 21.11.2007 16:23:48 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 09.12.2007 12:04:05 | Attr = ]
Xpc -> %SystemDrive%\Xpc -> [Folder | Created Date = 11.11.2007 11:48:45 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 09.12.2007 11:53:14 | Attr = ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 11.11.2007 10:56:51 | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 11.11.2007 21:42:18 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 11.11.2007 21:41:37 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 11.11.2007 21:42:07 | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 15.11.2007 07:58:18 | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 11.11.2007 10:56:29 | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 11.11.2007 10:54:17 | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 11.11.2007 10:55:26 | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 11.11.2007 10:53:32 | Attr = H ]
bdagent.INI -> %SystemRoot%\bdagent.INI -> [Ver = | Size = 121 bytes | Created Date = 07.12.2007 20:08:02 | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 141824 bytes | Created Date = 09.12.2007 12:03:24 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 09.12.2007 12:06:47 | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 09.12.2007 12:03:24 | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 21.11.2007 15:47:26 | Attr = H ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 09.12.2007 18:34:05 | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 21.11.2007 15:47:49 | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 11.11.2007 10:53:42 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 09.12.2007 12:03:24 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 09.12.2007 12:03:24 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 09.12.2007 12:03:24 | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 09.12.2007 12:03:24 | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 11.11.2007 10:56:34 | Attr = ]
apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 11.11.2007 10:56:34 | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 11.11.2007 10:56:34 | Attr = ]
COH_Mon.cat -> %System32%\drivers\COH_Mon.cat -> [Ver = | Size = 10592 bytes | Created Date = 02.12.2007 16:09:13 | Attr = R ]
COH_Mon.inf -> %System32%\drivers\COH_Mon.inf -> [Ver = | Size = 705 bytes | Created Date = 02.12.2007 16:09:13 | Attr = R ]
COH_Mon.sys -> %System32%\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,2,3 | Size = 22112 bytes | Created Date = 02.12.2007 16:09:13 | Attr = R ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 11.11.2007 10:53:42 | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 11.11.2007 10:53:52 | Attr = H ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 09.12.2007 11:32:12 | Attr = HS]
KAV -> %SystemDrive%\KAV -> [Folder | Modified Date = 06.12.2007 22:31:52 | Attr = ]
OrbPVR.db -> %SystemDrive%\OrbPVR.db -> [Ver = | Size = 0 bytes | Modified Date = 21.11.2007 16:23:50 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 09.12.2007 11:39:24 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 09.12.2007 18:33:00 | Attr = ]
Settings -> %SystemDrive%\Settings -> [Folder | Modified Date = 09.12.2007 12:51:58 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 09.12.2007 19:53:46 | Attr = ]
Xpc -> %SystemDrive%\Xpc -> [Folder | Modified Date = 11.11.2007 11:48:46 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 09.12.2007 11:53:16 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15.11.2007 07:58:00 | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 11.11.2007 10:56:54 | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 11.11.2007 21:42:20 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 11.11.2007 21:41:40 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 11.11.2007 21:42:08 | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 15.11.2007 07:58:22 | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 11.11.2007 10:56:30 | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 11.11.2007 10:54:22 | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 11.11.2007 10:55:30 | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 11.11.2007 10:53:34 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 11.11.2007 10:59:50 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 01.12.2007 22:48:02 | Attr = R S]
bdagent.INI -> %SystemRoot%\bdagent.INI -> [Ver = | Size = 121 bytes | Modified Date = 09.12.2007 11:32:52 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 09.12.2007 18:39:20 | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 141824 bytes | Modified Date = 08.12.2007 03:32:46 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 15.11.2007 22:37:24 | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 09.12.2007 12:06:48 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 11.11.2007 10:55:32 | Attr = ]
hpdj3500.his -> %SystemRoot%\hpdj3500.his -> [Ver = | Size = 26728 bytes | Modified Date = 25.11.2007 20:58:06 | Attr = ]
hpdj3500.ini -> %SystemRoot%\hpdj3500.ini -> [Ver = | Size = 4417 bytes | Modified Date = 25.11.2007 20:58:06 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 11.11.2007 21:42:22 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 07.12.2007 21:02:50 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 09.12.2007 11:33:22 | Attr = HS]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 21.11.2007 15:47:28 | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 09.12.2007 19:57:48 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 01.12.2007 22:48:40 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 09.12.2007 18:33:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 09.12.2007 19:53:46 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 06.12.2007 22:34:02 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 09.12.2007 18:39:42 | Attr = ]
ulead32.ini -> %SystemRoot%\ulead32.ini -> [Ver = | Size = 26 bytes | Modified Date = 07.12.2007 19:58:44 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 671 bytes | Modified Date = 11.11.2007 10:56:02 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 07.12.2007 19:58:12 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 11.11.2007 10:54:52 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 09.12.2007 18:39:22 | Attr = H ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 11.11.2007 10:56:20 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 06.12.2007 22:44:26 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 09.12.2007 10:47:10 | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 24.11.2007 16:12:18 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15.11.2007 07:58:44 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 09.12.2007 18:31:56 | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 11.11.2007 10:53:44 | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 11.11.2007 10:56:20 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 52764 bytes | Modified Date = 07.12.2007 00:34:28 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380350 bytes | Modified Date = 07.12.2007 00:34:28 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 439552 bytes | Modified Date = 07.12.2007 00:34:28 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 04.12.2007 01:00:44 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 06.12.2007 15:59:24 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 11.11.2007 10:54:42 | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 11.11.2007 10:53:54 | Attr = H ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 29.08.2002 14:00:00 | Attr = ]
FSG! , -> %System32%\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.1.1.1031 | Size = 236544 bytes | Modified Date = 10.12.2003 15:36:10 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22.07.2007 18:39:28 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 04.12.2007 01:00:44 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 29.08.2002 14:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 29.08.2002 14:00:00 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04.08.2004 07:41:38 | Attr = ]

< End of report >

#8 Daian

Posted 09 December 2007 - 12:38 PM

Hello Essexboy! The C:\Xpc folder u asked about is the StrongDC++2.3 program I downloaded from the net. These are 3 .exe files I found related to it: STRONGDC.EXE-08B50B5D.pf, STRONGDC.EXE-1BAFDO14.pf, STRONGDC.EXE-3545E9E4.pf. My computer is behaving better: it isn't making that horrible sound anymore and is working much better (I've also deleted some files like cookies and music to encourage it). HOWEVER, it asks me very often to block programs like StrongDC, messenger and so on. I reply "ask me later" (the most comfortable answer). And one more thing! At the moment I haven't got any antivirus program as I uninstalled it... thaaaaaanks for all ur help!

#9 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 09 December 2007 - 04:20 PM

Hi Daian, our first priority is to get you secure before anything else comes your way.

Quote

HOWEVER it asks me very often to block programs like StrongDC, messenger and so on.
Is this your firewall?

First, to completely clear Norton, download the Norton Removal Tool.

Next I will let you download the antivirus I use. If you don't like it you can change it later :)

Click HERE and download avast! 4 Home Edition to your desktop.

TO BEGIN

Go offline and run the Norton uninstall tool that you downloaded. A reboot will be needed.

THEN

Locate asweng.exe that you just downloaded and double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window. Make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! It will give you the general "Hello and Thank you for choosing our Product." Also, after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast!, right click the small icon a in the task bar and click Start Avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form), copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Also read this tutorial HERE; it may make it easier for you to follow the steps.

Next, choose
  • Scan all local disks
  • Scan archive files
  • Click on Schedule
On the next dialog, Operating system restart needed, select Yes.
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button, and do not delete any reported files.

NOW TO CONTINUE THE CLEAN

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote

[Processes - Non-Microsoft Only]
YY -> hporclnr.exe -> %SystemDrive%\_OTMoveIt\MovedFiles\WINDOWS\hporclnr.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> HP OrderReminder Cleaner -> %SystemDrive%\_OTMoveIt\MovedFiles\WINDOWS\hporclnr.exe
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files/Folders - Modified Within 30 days]
NY -> hpdj3500.his -> %SystemRoot%\hpdj3500.his
NY -> hpdj3500.ini -> %SystemRoot%\hpdj3500.ini
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Logs required are: Winpfind report, Avast boot scan log (found in C:\Program Files\Alwil Software\Avast4\DATA\log\aswboot.log) and a new Hijackthis log.

#10 Daian

Posted 10 December 2007 - 12:10 PM

CmdLine - quick
aswBoot.exe /A:"*" /L:"English" /archives /KBD:2
CmdLine end
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
NtAllocateVirtualMemory - stack
NtGetContextThread - NtCurrentThread
NtCreateThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=C:\Program Files\Alwil Software\Avast4\DATA
PROG=C:\Program Files\Alwil Software\Avast4
BUILD=1098
Microsoft Windows XP Service Pack 2
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
cmnbInit
SetFolders
SetFolders end
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"English" /archives /KBD:2
CmdLine end
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
NtSetEvent(g_hInitEvent) - 1
FreeMemory: 190636032
aswintegInitialize
InitKeyboard
g_dwKbdNum: 2
s_dwKbdClassCnt: 2
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
avworkInitialize
FreeMemory: 158986240
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanReal(MBR0)
avfilesScanReal C:\
avfilesScanReal D:\
avworkClose
aswintegClose
TerminateKbThread
GetKey end
CloseKeyboard
CloseKeyboard end
KbThread stop
CKbBuffer::~CKbBuffer
CKbBuffer::~CKbBuffer end
aswEnginDllMain(DLL_PROCESS_DETACH)
cmnbFree
FreeResources
CloseReport
CloseLog

Logfile of HijackThis v1.99.1
Scan saved at 19:57:27, on 10.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DIANA\Desktop\HT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Hello Essexboy! I couldn't copy/paste the information u gave me in WinPFind3U! The program was not responding! I tried restarting the computer - nothing; after that I tried deleting it and re-downloading it (no sense in that, isn't there?!)... My firewall is continuously popping me up with the desire to block Orb, Messenger etc. & it started with that sinister beeping sound again!!!

#11 Essexboy

Posted 10 December 2007 - 03:05 PM

Quote

?!)... my firewall is continuously popping me up with the desire to block Orb, Messenger etc. & it started with that sinister beeping sound again!!!
Hi Daian, the question is: do you want to allow Orb to access the internet? If so, allow it to connect and tell your firewall to allow it always. Ref Winpfind, I will take the files out another way :)

When does this beeping occur? Is it random, or when you run certain programmes?

At the moment I still can not see a great deal.

We will now do a deep search of your processes and files.

Download avz4en.zip from here

Save it to your desktop and unzip it to a folder on your desktop.
  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted:
  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.
  • Click on "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post.

#12 Daian

Posted 11 December 2007 - 07:45 AM

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1251">
<META http-equiv="nocache">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
</HEAD>
<script language="JavaScript">
function add_scr_line (s, InsMode) {
var szStr, szOldStr;
var InsPoz;
szStr = document.forms.ScriptForm.CureScript.value;
szOldStr = szStr;
if (!(szStr.length > 5))
szStr = "begin\nend.";
if (szStr.substr(0, 5).toLowerCase() != "begin")
szStr = "begin\n" + szStr;
InsPoz = szStr.lastIndexOf("end.");
if (InsPoz < 5) {
szStr = szStr + "\nend.";
InsPoz = szStr.length-4;
}
if (InsMode == 1)
InsPoz = 5;
if (!(szStr.indexOf(s) >= 5)) {
var szStr1, szStr2;
szStr1 = szStr.substr(0, InsPoz);
szStr2 = szStr.substr(InsPoz);
if (InsMode == 0)
szStr2 = "\n" + szStr2;
else
szStr1 = szStr1 + "\n";
szStr = szStr1 + s + szStr2;
}
if (szStr != szOldStr)
document.forms.ScriptForm.CureScript.value = szStr;
}
function add_f_line (s) {
var szStr;
szStr = document.forms.FilesForm.FileList.value;
if (szStr.length > 0)
szStr = szStr + "\n";
if (szStr.indexOf(s) == -1)
document.forms.FilesForm.FileList.value = szStr + s;
}
function add_scr_d (s) {
add_scr_line(" DeleteFile('"+s+"');", 0);
}
function add_scr_db (s) {
add_scr_line(" BC_DeleteFile('"+s+"');", 0);
}
function add_scr_k (s) {
add_scr_line(" QuarantineFile('"+s+"','');",1);
add_f_line(s);
}
</script>
<BODY bgColor=#ffdfb7>
<H1 align=center>Results of system investigation</H1>
<p align=center>AVZ 4.25 <a href="http://z-oleg.com/secur/avz/" target=_blank>http://z-oleg.com/secur/avz/</a></p>
<H2 align=center>List of processes</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor=#0000FF><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>PID<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Copyright<TD align=center><b><font color=White>MD5<TD align=center><b><font color=White>Information
<TR bgColor=#ffc06d><TD><a name="proc_1620"></a>c:\progra~1\alwils~1\avast4\ashdisp.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\progra~1\\alwils~1\\avast4\\ashdisp.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\progra~1\\alwils~1\\avast4\\ashdisp.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\progra~1\\alwils~1\\avast4\\ashdisp.exe")'>BC delete</a><TD>1620<TD>avast! service GUI component<TD>Copyright © 2007 ALWIL Software<TD>??<TD>77.37 KB, rsAh,<br>created: 10.12.2007 17:16:28,<br>modified: 04.12.2007 15:00:23<br>Command line: <BR>"C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
<TR bgColor=#ffc06d><TD><a name="proc_1968"></a>c:\program files\alwil software\avast4\ashmaisv.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ashmaisv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ashmaisv.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ashmaisv.exe")'>BC delete</a><TD>1968<TD>avast! e-Mail Scanner Service<TD>Copyright © 2007 ALWIL Software<TD>??<TD>241.37 KB, rsAh,<br>created: 10.12.2007 17:16:28,<br>modified: 04.12.2007 14:59:53<br>Command line: <BR>"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
<TR bgColor=#ffc06d><TD><a name="proc_1272"></a>c:\program files\alwil software\avast4\ashserv.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ashserv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ashserv.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ashserv.exe")'>BC delete</a><TD>1272<TD>avast! antivirus service<TD>Copyright © 2007 ALWIL Software<TD>??<TD>137.37 KB, rsAh,<br>created: 10.12.2007 17:16:28,<br>modified: 04.12.2007 15:00:16<br>Command line: <BR>"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
<TR bgColor=#ffc06d><TD><a name="proc_1988"></a>c:\program files\alwil software\avast4\ashwebsv.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ashwebsv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ashwebsv.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ashwebsv.exe")'>BC delete</a><TD>1988<TD>avast! Web Scanner<TD>Copyright © 2007 ALWIL Software<TD>??<TD>337.37 KB, rsAh,<br>created: 10.12.2007 17:16:28,<br>modified: 04.12.2007 14:59:01<br>Command line: <BR>"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
<TR bgColor=#ffc06d><TD><a name="proc_1200"></a>c:\program files\alwil software\avast4\aswupdsv.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\aswupdsv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\aswupdsv.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\aswupdsv.exe")'>BC delete</a><TD>1200<TD>avast! Antivirus updating service<TD>Copyright © 2007 ALWIL Software<TD>??<TD>16.87 KB, rsAh,<br>created: 10.12.2007 17:16:28,<br>modified: 04.12.2007 16:36:33<br>Command line: <BR>"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
<TR bgColor=#ffc06d><TD><a name="proc_332"></a>c:\program files\ati technologies\ati control panel\atiptaxx.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\ati technologies\\ati control panel\\atiptaxx.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\ati technologies\\ati control panel\\atiptaxx.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\ati technologies\\ati control panel\\atiptaxx.exe")'>BC delete</a><TD>332<TD>ATI Desktop Control Panel<TD>Copyright © 1998-2002 ATI Technologies Inc.<TD>??<TD>328.00 KB, rsAh,<br>created: 09.10.2003 13:51:37,<br>modified: 05.06.2003 11:35:00<br>Command line: <BR>"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
<TR bgColor=#00CC66><TD><a name="proc_1108"></a>c:\documents and settings\diana\desktop\avz4en\avz4en\avz.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\documents and settings\\diana\\desktop\\avz4en\\avz4en\\avz.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\documents and settings\\diana\\desktop\\avz4en\\avz4en\\avz.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\documents and settings\\diana\\desktop\\avz4en\\avz4en\\avz.exe")'>BC delete</a><TD>1108<TD>AVZ Antiviral Toolkit<TD>AVZ Antiviral Toolkit<TD>??<TD>696.00 KB, rsAh,<br>created: 17.04.2007 14:58:46,<br>modified: 11.12.2007 15:13:33<br>Command line: <BR>"C:\Documents and Settings\DIANA\Desktop\avz4en\avz4en\avz.exe"
<TR bgColor=#00CC66><TD><a name="proc_1712"></a>c:\windows\explorer.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\windows\\explorer.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\windows\\explorer.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\windows\\explorer.exe")'>BC delete</a><TD>1712<TD>Windows Explorer<TD>© Microsoft Corporation. All rights reserved.<TD>??<TD>1009.00 KB, rsAh,<br>created: 29.08.2002 14:00:00,<br>modified: 13.06.2007 12:23:07<br>Command line: <BR>C:\WINDOWS\Explorer.EXE
<TR bgColor=#ffc06d><TD><a name="proc_2068"></a>c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\google\\googletoolbarnotifier\\googletoolbarnotifier.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\google\\googletoolbarnotifier\\googletoolbarnotifier.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\google\\googletoolbarnotifier\\googletoolbarnotifier.exe")'>BC delete</a><TD>2068<TD>GoogleToolbarNotifier<TD>Copyright © 2005-2007<TD>??<TD>67.24 KB, rsAh,<br>created: 14.10.2007 10:06:55,<br>modified: 14.10.2007 10:06:55<br>Command line: <BR>"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
<TR bgColor=#00CC66><TD><a name="proc_2904"></a>c:\program files\internet explorer\iexplore.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\internet explorer\\iexplore.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\internet explorer\\iexplore.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\internet explorer\\iexplore.exe")'>BC delete</a><TD>2904<TD>Internet Explorer<TD>© Microsoft Corporation. All rights reserved.<TD>??<TD>91.00 KB, rsAh,<br>created: 09.10.2003 13:36:52,<br>modified: 04.08.2004 09:56:50<br>Command line: <BR>"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
<TR bgColor=#00CC66><TD><a name="proc_3900"></a>c:\program files\internet explorer\iexplore.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\internet explorer\\iexplore.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\internet explorer\\iexplore.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\internet explorer\\iexplore.exe")'>BC delete</a><TD>3900<TD>Internet Explorer<TD>© Microsoft Corporation. All rights reserved.<TD>??<TD>91.00 KB, rsAh,<br>created: 09.10.2003 13:36:52,<br>modified: 04.08.2004 09:56:50<br>Command line: <BR>"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
<TR bgColor=#ffc06d><TD><a name="proc_476"></a>c:\program files\ulead systems\ulead photo explorer 8.0 se basic\monitor.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\ulead systems\\ulead photo explorer 8.0 se basic\\monitor.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\ulead systems\\ulead photo explorer 8.0 se basic\\monitor.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\ulead systems\\ulead photo explorer 8.0 se basic\\monitor.exe")'>BC delete</a><TD>476<TD>MONITOR<TD>Copyright c1992-2001. Ulead Systems, Inc. All rights reserved.<TD>??<TD>44.00 KB, rsah,<br>created: 01.04.2007 14:00:41,<br>modified: 18.11.2003 16:20:46<br>Command line: <BR>"C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"
<TR bgColor=#ffc06d><TD><a name="proc_2440"></a>c:\program files\winamp remote\bin\orb.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\winamp remote\\bin\\orb.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\winamp remote\\bin\\orb.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\winamp remote\\bin\\orb.exe")'>BC delete</a><TD>2440<TD>Orb Application<TD>Copyright © 2004<TD>??<TD>72.00 KB, rsAh,<br>created: 02.08.2007 03:02:12,<br>modified: 02.08.2007 03:02:12<br>Command line: <BR>"C:\Program Files\Winamp Remote\bin\Orb.exe"
<TR bgColor=#ffc06d><TD><a name="proc_2152"></a>c:\program files\winamp remote\bin\orbtray.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\winamp remote\\bin\\orbtray.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\winamp remote\\bin\\orbtray.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\winamp remote\\bin\\orbtray.exe")'>BC delete</a><TD>2152<TD>Orb<TD>Copyright © 2002-2007<TD>??<TD>352.00 KB, rsAh,<br>created: 08.10.2007 02:18:50,<br>modified: 08.10.2007 02:18:50<br>Command line: <BR>"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
<TR bgColor=#ffc06d><TD><a name="proc_488"></a>c:\program files\hewlett-packard\orderreminder\orderreminder.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\hewlett-packard\\orderreminder\\orderreminder.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\hewlett-packard\\orderreminder\\orderreminder.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\hewlett-packard\\orderreminder\\orderreminder.exe")'>BC delete</a><TD>488<TD>HP Cartridge Order Reminder<TD>© 2004 Copyright Hewlett-Packard Development Company, L.P.<TD>??<TD>96.00 KB, RsAh,<br>created: 10.10.2007 19:20:32,<br>modified: 22.12.2005 06:00:24<br>Command line: <BR>"C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe"
<TR bgColor=#ffc06d><TD><a name="proc_1504"></a>c:\program files\yahoo!\search protection\searchprotection.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\yahoo!\\search protection\\searchprotection.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\yahoo!\\search protection\\searchprotection.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\yahoo!\\search protection\\searchprotection.exe")'>BC delete</a><TD>1504<TD>Yahoo! Application<TD>Yahoo! Copyright © 2006-2007<TD>??<TD>218.99 KB, rsAh,<br>created: 08.06.2007 16:59:38,<br>modified: 08.06.2007 16:59:38<br>Command line: <BR>"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
<TR bgColor=#ffc06d><TD><a name="proc_496"></a>c:\program files\winamp\winampa.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\winamp\\winampa.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\winamp\\winampa.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\winamp\\winampa.exe")'>BC delete</a><TD>496<TD>&nbsp;<TD>&nbsp;<TD>??<TD>35.50 KB, rsAh,<br>created: 10.10.2007 07:28:32,<br>modified: 10.10.2007 07:28:32<br>Command line: <BR>"C:\Program Files\Winamp\winampa.exe"
<TR bgColor=#ffc06d><TD><a name="proc_2264"></a>c:\program files\yahoo!\messenger\yahoomessenger.exe<br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe")'>BC delete</a><TD>2264<TD>Yahoo! Messenger<TD>© 1998-2007 Yahoo! Inc. All rights reserved.<TD>??<TD>4561.23 KB, rsAh,<br>created: 22.10.2007 17:46:05,<br>modified: 30.08.2007 16:43:18<br>Command line: <BR>"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
<TR bgColor=#00CC66><TD colspan=6>Detected:35, recognized as trusted 21
</TABLE>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor=#0000FF><TD align=center><b><font color=White>Module name<TD align=center><b><font color=White>Handle<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Copyright<TD align=center><b><font color=White>MD5<TD align=center><b><font color=White>Used by processes
<TR bgColor=#ffc06d><TD><a href="" title="35.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:55:24">C:\Program Files\Alwil Software\Avast4\AhResMai.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\AhResMai.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\AhResMai.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\AhResMai.dll")'>BC delete</a><TD>1698168832<TD>avast! e-Mail Scanner AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="32.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:56:24">C:\Program Files\Alwil Software\Avast4\ahResMes.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ahResMes.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ahResMes.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ahResMes.dll")'>BC delete</a><TD>1703411712<TD>avast!4 Messenger scanner AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="31.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:55:37">C:\Program Files\Alwil Software\Avast4\AhResNS.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\AhResNS.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\AhResNS.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\AhResNS.dll")'>BC delete</a><TD>1704460288<TD>avast!4 Network Shield AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="29.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 15:00:07">C:\Program Files\Alwil Software\Avast4\AhResOut.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\AhResOut.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\AhResOut.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\AhResOut.dll")'>BC delete</a><TD>1697120256<TD>avast! MS Outlook/Exchange AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="32.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:56:12">C:\Program Files\Alwil Software\Avast4\ahResP2P.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ahResP2P.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ahResP2P.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ahResP2P.dll")'>BC delete</a><TD>1703673856<TD>avast!4 P2P Shield AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="42.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 15:01:10">C:\Program Files\Alwil Software\Avast4\AhResStd.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\AhResStd.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\AhResStd.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\AhResStd.dll")'>BC delete</a><TD>1696071680<TD>avast! Standard Shield AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="52.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:55:08">C:\Program Files\Alwil Software\Avast4\AhResWS.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\AhResWS.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\AhResWS.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\AhResWS.dll")'>BC delete</a><TD>1704984576<TD>avast! HTTP Scanner AAVM Provider Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="64.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:57:57">c:\program files\alwil software\avast4\ahruimai.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruimai.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruimai.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruimai.dll")'>BC delete</a><TD>1698693120<TD>avast! e-Mail Scanner provider GUI<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="36.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:56:21">c:\program files\alwil software\avast4\ahruimes.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruimes.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruimes.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruimes.dll")'>BC delete</a><TD>1703936000<TD>avast!4 Messenger scanner AAVM Provider GUI Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="36.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:55:34">c:\program files\alwil software\avast4\ahruins.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruins.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruins.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruins.dll")'>BC delete</a><TD>1704722432<TD>avast!4 Network Shield AAVM Provider GUI Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="88.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:58:23">c:\program files\alwil software\avast4\ahruiout.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruiout.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruiout.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruiout.dll")'>BC delete</a><TD>1697644544<TD>avast! MS Outlook/Exchange AAVM Provider GUI Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="21.50 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:56:10">c:\program files\alwil software\avast4\ahruip2p.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruip2p.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruip2p.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruip2p.dll")'>BC delete</a><TD>1704198144<TD>avast!4 P2P Shield AAVM Provider GUI Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="56.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 15:01:06">c:\program files\alwil software\avast4\ahruistd.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruistd.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruistd.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruistd.dll")'>BC delete</a><TD>1696595968<TD>avast! Standard Shield AAVM Provider GUI Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="48.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:57:37">c:\program files\alwil software\avast4\ahruiws.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("c:\\program files\\alwil software\\avast4\\ahruiws.dll")'>Quarantine</a>, <a href='java script:add_scr_d("c:\\program files\\alwil software\\avast4\\ahruiws.dll")'>Delete</a>, <a href='java script:add_scr_db("c:\\program files\\alwil software\\avast4\\ahruiws.dll")'>BC delete</a><TD>1705246720<TD>Avast! WWW Scanner AAVM Provider GUI Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>
<TR bgColor=#ffc06d><TD><a href="" title="216.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:47:51">C:\Program Files\Alwil Software\Avast4\ashBase.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashBase.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashBase.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashBase.dll")'>BC delete</a><TD>1682964480<TD>Basic Functionality Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="241.37 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:59:53">C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe")'>BC delete</a><TD>4194304<TD>avast! e-Mail Scanner Service<TD>Copyright © 2007 ALWIL Software<TD>??<TD><a href="#proc_1968">1968</a>
<TR bgColor=#ffc06d><TD><a href="" title="137.37 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 15:00:16">C:\Program Files\Alwil Software\Avast4\ashServ.exe</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe")'>BC delete</a><TD>4194304<TD>avast! antivirus service<TD>Copyright © 2007 ALWIL Software<TD>??<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="228.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:48:53">C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashSSqlt.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashSSqlt.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashSSqlt.dll")'>BC delete</a><TD>1686634496<TD>avast! Sqlt Storage Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="108.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:48:12">C:\Program Files\Alwil Software\Avast4\ashTask.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashTask.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashTask.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashTask.dll")'>BC delete</a><TD>1686110208<TD>Task Handling Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="300.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:50:40">C:\Program Files\Alwil Software\Avast4\ashUInt.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashUInt.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashUInt.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashUInt.dll")'>BC delete</a><TD>1689255936<TD>avast! User Interface Common Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>
<TR bgColor=#ffc06d><TD><a href="" title="337.37 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:59:01">C:\Program Files\Alwil Software\Avast4\ashWebSv.exe</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe")'>BC delete</a><TD>4194304<TD>avast! Web Scanner<TD>Copyright © 2007 ALWIL Software<TD>??<TD><a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="116.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:59:41">C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\ashWsFtr.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\ashWsFtr.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\ashWsFtr.dll")'>BC delete</a><TD>1747976192<TD>avast! Web Shield Filter Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="644.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:35:47">C:\Program Files\Alwil Software\Avast4\aswAux.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswAux.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswAux.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswAux.dll")'>BC delete</a><TD>1683488768<TD>avast! Auxiliary Library<TD>&nbsp;<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="128.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:33:01">C:\Program Files\Alwil Software\Avast4\aswCmnB.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnB.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnB.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnB.dll")'>BC delete</a><TD>1678245888<TD>High level portable functions<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>, <a href="#proc_1200">1200</a>
<TR bgColor=#ffc06d><TD><a href="" title="68.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:32:54">C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnOS.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnOS.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnOS.dll")'>BC delete</a><TD>1677721600<TD>Antivirus HW dependent library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>, <a href="#proc_1200">1200</a>
<TR bgColor=#ffc06d><TD><a href="" title="180.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:33:16">C:\Program Files\Alwil Software\Avast4\aswCmnS.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnS.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnS.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswCmnS.dll")'>BC delete</a><TD>1678770176<TD>Common non-portable functions<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>, <a href="#proc_1200">1200</a>
<TR bgColor=#ffc06d><TD><a href="" title="1176.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:47:35">C:\Program Files\Alwil Software\Avast4\aswEngin.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswEngin.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswEngin.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswEngin.dll")'>BC delete</a><TD>1680343040<TD>High level antivirus engine<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="4.50 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:36:28">C:\Program Files\Alwil Software\Avast4\aswIdle.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswIdle.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswIdle.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswIdle.dll")'>BC delete</a><TD>1688207360<TD>avast! Idle Hook Library<TD>&nbsp;<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="22.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:47:10">C:\Program Files\Alwil Software\Avast4\aswInteg.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswInteg.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswInteg.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswInteg.dll")'>BC delete</a><TD>1681915904<TD>Integrity checking implementation<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1272">1272</a>
<TR bgColor=#ffc06d><TD><a href="" title="80.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:46:47">C:\Program Files\Alwil Software\Avast4\aswScan.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswScan.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswScan.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswScan.dll")'>BC delete</a><TD>1679818752<TD>Low level antivirus engine<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="16.87 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:36:33">C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe")'>BC delete</a><TD>4194304<TD>avast! Antivirus updating service<TD>Copyright © 2007 ALWIL Software<TD>??<TD><a href="#proc_1200">1200</a>
<TR bgColor=#ffc06d><TD><a href="" title="60.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:32:32">C:\Program Files\Alwil Software\Avast4\English\Base.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\English\\Base.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\English\\Base.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\English\\Base.dll")'>BC delete</a><TD>1711800320<TD>avast! English Basic Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>, <a href="#proc_1968">1968</a>, <a href="#proc_1272">1272</a>, <a href="#proc_1988">1988</a>
<TR bgColor=#ffc06d><TD><a href="" title="2460.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:32:37">C:\Program Files\Alwil Software\Avast4\English\Lang.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\English\\Lang.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\English\\Lang.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\English\\Lang.dll")'>BC delete</a><TD>1712324608<TD>avast! Main English Module<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1620">1620</a>, <a href="#proc_1968">1968</a>
<TR bgColor=#ffc06d><TD><a href="" title="56.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 16:32:27">C:\Program Files\Alwil Software\Avast4\English\langmai.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Alwil Software\\Avast4\\English\\langmai.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Alwil Software\\Avast4\\English\\langmai.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Alwil Software\\Avast4\\English\\langmai.dll")'>BC delete</a><TD>1716518912<TD>English language DLL for avast! e-Mail Scanner<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#proc_1968">1968</a>

#13 Daian

  • Group: Member
  • Posts: 13
  • Joined: 08-December 07

Posted 11 December 2007 - 08:06 AM

<TR bgColor=#ffc06d><TD><a href="" title="4561.23 KB, rsAh, created: 22.10.2007 17:46:05, modified: 30.08.2007 16:43:18">C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe")'>BC delete</a><TD>4194304<TD>Yahoo! Messenger<TD>© 1998-2007 Yahoo! Inc. All rights reserved.<TD>??<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="364.00 KB, rsAh, created: 22.10.2007 17:45:34, modified: 30.08.2007 16:43:20">C:\Program Files\Yahoo!\Messenger\yaudiomgr.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\yaudiomgr.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\yaudiomgr.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\yaudiomgr.dll")'>BC delete</a><TD>1745879040<TD>YAudioMgr Module<TD>© 2005-07 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="1260.00 KB, rsAh, created: 22.10.2007 17:45:35, modified: 30.08.2007 15:21:06">C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\YCPFoundation.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\YCPFoundation.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\YCPFoundation.dll")'>BC delete</a><TD>8978432<TD>YCPFoundation<TD>Copyright Yahoo! © 2006<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="252.00 KB, rsAh, created: 22.10.2007 17:45:30, modified: 30.08.2007 16:43:20">C:\Program Files\Yahoo!\Messenger\YImage.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\YImage.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\YImage.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\YImage.dll")'>BC delete</a><TD>1747976192<TD>YImage Module<TD>© 2004-07 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="40.50 KB, rsAh, created: 22.10.2007 17:45:35, modified: 30.08.2007 15:21:06">C:\Program Files\Yahoo!\Messenger\YIniDom.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\YIniDom.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\YIniDom.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\YIniDom.dll")'>BC delete</a><TD>3604480<TD>YIniDom<TD>Copyright Yahoo! © 2006<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="29.50 KB, rsAh, created: 22.10.2007 17:45:39, modified: 30.08.2007 16:43:14">C:\Program Files\Yahoo!\Messenger\YML.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\YML.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\YML.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\YML.dll")'>BC delete</a><TD>1749024768<TD>YML Module<TD>© 2003-07 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="39.50 KB, rsAh, created: 22.10.2007 17:45:53, modified: 30.08.2007 16:43:14">C:\Program Files\Yahoo!\Messenger\ypagerps.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\ypagerps.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\ypagerps.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\ypagerps.dll")'>BC delete</a><TD>52953088<TD>YPagerPS Module (COM Interface)<TD>© 1998-2006 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2904">2904</a>, <a href="#proc_3900">3900</a>, <a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="740.00 KB, rsAh, created: 22.10.2007 17:45:35, modified: 30.08.2007 15:21:06">C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\YPluginRegistry.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\YPluginRegistry.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\YPluginRegistry.dll")'>BC delete</a><TD>10289152<TD>YPluginRegistry<TD>Copyright Yahoo! © 2006<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="196.00 KB, rsAh, created: 22.10.2007 17:46:04, modified: 30.08.2007 16:43:20">C:\Program Files\Yahoo!\Messenger\yv_res.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\yv_res.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\yv_res.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\yv_res.dll")'>BC delete</a><TD>1750073344<TD>Voice Resources Module<TD>© 2005-07 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="1632.00 KB, rsAh, created: 22.10.2007 17:45:34, modified: 30.08.2007 16:43:20">C:\Program Files\Yahoo!\Messenger\yvoicesm.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\yvoicesm.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\yvoicesm.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\yvoicesm.dll")'>BC delete</a><TD>85852160<TD>YVoiceSM Module<TD>© 2005-06 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="760.00 KB, rsAh, created: 22.10.2007 17:45:34, modified: 30.08.2007 16:43:20">C:\Program Files\Yahoo!\Messenger\yvoiceui.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Messenger\\yvoiceui.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Messenger\\yvoiceui.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Messenger\\yvoiceui.dll")'>BC delete</a><TD>1752170496<TD>YVoiceUI Module<TD>© 2005-07 Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="374.73 KB, rsAh, created: 30.07.2007 18:26:38, modified: 30.07.2007 18:26:38">C:\Program Files\Yahoo!\Search Protection\fdload.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Search Protection\\fdload.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Search Protection\\fdload.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Search Protection\\fdload.dll")'>BC delete</a><TD>268435456<TD>fdLoad Dynamic Link Library<TD>Yahoo! Copyright © 2006-2007<TD>--<TD><a href="#proc_1504">1504</a>
<TR bgColor=#ffc06d><TD><a href="" title="218.99 KB, rsAh, created: 08.06.2007 16:59:38, modified: 08.06.2007 16:59:38">C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe")'>BC delete</a><TD>4194304<TD>Yahoo! Application<TD>Yahoo! Copyright © 2006-2007<TD>??<TD><a href="#proc_1504">1504</a>
<TR bgColor=#ffc06d><TD><a href="" title="153.49 KB, rsAh, created: 12.10.2007 16:27:39, modified: 30.08.2007 15:17:48">C:\Program Files\Yahoo!\Shared\YAlertCenter.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Shared\\YAlertCenter.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Shared\\YAlertCenter.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Shared\\YAlertCenter.dll")'>BC delete</a><TD>27525120<TD>Yahoo! Alert Center<TD>© Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="474.58 KB, rsAh, created: 12.10.2007 16:27:39, modified: 30.08.2007 15:17:48">C:\Program Files\Yahoo!\Shared\YbSkin2.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\Program Files\\Yahoo!\\Shared\\YbSkin2.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\Program Files\\Yahoo!\\Shared\\YbSkin2.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\Program Files\\Yahoo!\\Shared\\YbSkin2.dll")'>BC delete</a><TD>1667235840<TD>Yahoo! Skinning Object<TD>© Yahoo! Inc. All rights reserved.<TD>--<TD><a href="#proc_2264">2264</a>
<TR bgColor=#ffc06d><TD><a href="" title="20.00 KB, rsAh, created: 10.12.2007 17:16:28, modified: 04.12.2007 14:54:34">C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll</a><br><font size=-2>Script: <a href='java script:add_scr_k("C:\\PROGRA~1\\ALWILS~1\\Avast4\\AavmRpch.dll")'>Quarantine</a>, <a href='java script:add_scr_d("C:\\PROGRA~1\\ALWILS~1\\Avast4\\AavmRpch.dll")'>Delete</a>, <a href='java script:add_scr_db("C:\\PROGRA~1\\ALWILS~1\\Avast4\\AavmRpch.dll")'>BC delete</a><TD>1695547392<TD>avast! AAVM Remote Procedure Call Library<TD>Copyright © 2007 ALWIL Software<TD>--<TD><a href="#pr

#14 Daian

  • Group: Member
  • Posts: 13
  • Joined: 08-December 07

Posted 11 December 2007 - 08:27 AM

SORRY! I'm sure I'm not extracting the zip folder right! They are enormous, and the way I'm doing it they would fit in about 10 posts. It would be slightly idiotic to do this - can you please tell me how to do it? Sorry, Essexboy..

#15 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 11 December 2007 - 12:21 PM

No problems :)

When you are posting, if you look at the bottom right of the posting window you will see a Browse.. button with a green upload button to the right.

Select the browse button and it will open a window showing your computer. Locate and select the zip file, then press the upload button and the zip file will be uploaded. Repeat for the second zip file.

Once that is done, above the upload button is a drop-down box called Manage current attachments. Drop that down and you will see a file with a green plus on it; click that for both and you are done.

Any further problems just shout :)
