Business Application[INACTIVE]



I'm having trouble downloading a software. I keep getting different errors such as data base upgrade failed. Then it says microsoft mshtml.dll.registration failed, then when I tried to autorun it I got the error a device attached to the system is not functioning. c:\documentsandsettings \owner\desktop\ICSv7.21(E)\setup.exe. Can anyone see if you can help me? I think with all the fooling around that I've done with this computer, that I've deleted something vital that is necessary. I've already tried it in safe mode with the same results. I've even had my desktop taken over by the software's technicians and they can't see why it won't download. But I've downloaded it at the office, and even made copies that work on other computers.

Logfile of HijackThis v1.99.1

Scan saved at 6:41:17 AM, on 10/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\iscsiexe.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\anti spyware\hijackthis_sfx\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe

O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entaireglobal.webex.com/client/T25L...ing/ieatgpc.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Edited by kdr108

Hello and Welcome to Best Techie. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Step 1

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Step 2

From your logs, I see multiple Anti Spyware applications running. Please make sure to only have one AntiSpyware program running with Real-Time protection on. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti spyware products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

Step 3

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

Spyware Doctor

Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:

To deactivate Spyware Doctor's OnGuard Tools

1. From within Spyware Doctor, click the "OnGuard" button on the left side.

2. Uncheck "Activate OnGuard".

You can re-enable it once your system is clean.

Step 4

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Thank you so much for looking at my log. I was beginning to think it was a lost cause. I'll get in touch with the banks, and I think that I turned off all of my scanners to stop the false positives. I am going to post my runthis.bat log in a new hijack this post. Talk to you later for further instructions.


I had to put my firewall on allow all to post this. Is that normal?

7/10/2007 7:43:33 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:35 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:36 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:37 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:38 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:54 AM Denied value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!

7/10/2007 7:43:54 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:55 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:56 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:57 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:58 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:59 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:00 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:01 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:04 AM Allowed value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!

7/10/2007 7:44:04 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:05 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:06 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:07 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:08 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:09 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:10 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:11 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:12 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:13 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:14 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:16 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:17 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:18 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:19 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:20 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:21 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:22 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:23 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:24 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:25 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:26 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:44:27 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

9/20/2007 1:41:08 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!

9/20/2007 1:42:13 AM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!

9/20/2007 1:42:20 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"") added in System Startup global entry!

9/20/2007 1:42:25 AM Denied (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") added in Browser Helper Object!

9/20/2007 1:51:46 AM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") added in Browser Helper Object!

9/20/2007 1:51:51 AM Allowed (based on user whitelist) value "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!

9/20/2007 1:52:16 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"") changed in System Startup global entry!

9/20/2007 2:23:38 AM Allowed (based on user decision) value "{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}" (new data: "") added in ActiveX Distribution Unit!

9/20/2007 8:20:34 AM Allowed (based on user decision) value "{215B8138-A3CF-44C5-803F-8226143CFC0A}" (new data: "") added in ActiveX Distribution Unit!

9/20/2007 10:39:22 AM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!

9/21/2007 12:48:41 AM Allowed (based on user decision) value "SmcService" (new data: "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui") added in System Startup global entry!

9/21/2007 1:07:43 AM Allowed (based on user decision) value "BugsDestroyer" (new data: "") deleted in System Startup global entry!

9/23/2007 11:56:57 AM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"") added in System Startup global entry!

9/23/2007 12:01:01 PM Denied (based on user decision) value "getPlusUninstall_dll" (new data: "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall") added in System Startup global entry!

9/24/2007 5:52:00 AM Denied (based on user decision) value "gmcgxstpu" (new data: "c:\windows\system32\gmcgxstpu.exe gmcgxstpu") added in System Startup global entry!

9/24/2007 5:52:15 AM Denied (based on user decision) value "gmcgxstpu" (new data: "c:\windows\system32\gmcgxstpu.exe gmcgxstpu") added in System Startup global entry!

9/26/2007 3:04:53 AM Allowed (based on user decision) value "navilog1" (new data: "C:\Program Files\Navilog1\navilog1.bat") added in System Startup global entry!

9/26/2007 3:17:21 AM Allowed (based on user decision) value "navilog1" (new data: "") deleted in System Startup global entry!

2007-09-26 03:27:54 Allowed (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!

2007-09-26 03:28:00 Allowed (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!

2007-09-26 03:28:11 Allowed (based on user decision) value "load" (new data: "") deleted in NT startup!

2007-09-26 03:28:23 Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!

2007-09-26 03:28:32 Allowed (based on user decision) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!

9/26/2007 4:14:35 AM Allowed (based on user decision) value "ccleaner" (new data: ""C:\Program Files\CCleaner\ccleaner.exe" /AUTO") added in System Startup user entry!

9/26/2007 4:49:07 AM Allowed (based on user decision) value "!SASWinLogon" (new data: "") added in Winlogon Notifiers!

9/26/2007 4:51:05 AM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe") added in System Startup user entry!

9/26/2007 4:57:51 AM Allowed (based on user decision) value "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" (new data: "") deleted in Browser Helper Object!

9/26/2007 4:57:55 AM Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!

9/26/2007 4:57:58 AM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!

9/27/2007 1:40:46 AM Allowed (based on user decision) value "ccleaner" (new data: "") deleted in System Startup user entry!

9/27/2007 8:08:03 AM Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\System32\blank.htm") changed in Browser page!

9/28/2007 10:16:04 AM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "") deleted in System Startup user entry!

9/28/2007 11:59:45 AM Allowed (based on user decision) value "Shockwave Updater" (new data: "C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0") added in System Startup user entry!

9/28/2007 1:48:16 PM Allowed (based on user decision) value "Shockwave Updater" (new data: "") deleted in System Startup user entry!

10/1/2007 7:11:23 AM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 7:13:39 AM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/1/2007 7:56:21 AM Allowed (based on user decision) value "Uniblue RegistryBooster 2" (new data: "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S") added in System Startup user entry!

10/1/2007 3:33:40 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 3:33:52 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/1/2007 3:42:41 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 3:43:26 PM Allowed (based on user decision) value "BrandClearStubs" (new data: "RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{8E5EE7D3-F705-48A0-A5AD-65B91B7E3FD7}") added in System Startup global entry!

10/1/2007 3:43:35 PM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/1/2007 3:46:15 PM Allowed (based on user decision) value "BrandClearStubs" (new data: "") deleted in System Startup global entry!

10/1/2007 3:49:29 PM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 3:49:59 PM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/2/2007 12:28:08 AM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: "") deleted in System Startup global entry!

10/2/2007 7:30:01 AM Allowed (based on user decision) value "{493ACF15-5CD9-4474-82A6-91670C3DD66E}" (new data: "") added in ActiveX Distribution Unit!

10/3/2007 7:04:17 PM Allowed (based on user decision) value "asrupdate.exe" (new data: "") deleted in System Startup user entry!

10/3/2007 7:04:17 PM Allowed (based on user whitelist) value "load" (new data: "") added in NT startup!

Edited by kdr108
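The TeaTimer resident log in the post above records every startup, browser and ActiveX registry change with an Allowed or Denied verdict, which is the behaviour Step 3 refers to when it says TeaTimer can interfere with fixes. As an added example (not part of the original thread and not Spybot's own code), this sketch parses that line format, collapses repeated denials into bursts and replays which values remain. The sample lines and value names are constructed, slash dates are assumed to be month/day/year, and a Denied change is assumed not to take effect.

```python
import re
from collections import OrderedDict
from datetime import datetime

# One resident-log line, in the two timestamp styles that appear in the post.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M'
    r'|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<verdict>Allowed|Denied)(?: \((?P<basis>[^)]*)\))? '
    r'value "(?P<name>[^"]*)" '
    r'\(new data: "(?P<data>.*)"\) '
    r'(?P<action>added|changed|deleted) in (?P<area>.+)!$'
)

# Constructed sample lines in the same format as the posted log.
SAMPLE_LOG = r'''
7/10/2007 7:43:33 AM Denied value "rndvalue01" (new data: "") deleted in System Startup global entry!
7/10/2007 7:43:35 AM Denied value "rndvalue01" (new data: "") deleted in System Startup global entry!
7/10/2007 7:43:36 AM Denied value "ExampleGuard" (new data: "") deleted in System Startup user entry!
7/10/2007 7:43:37 AM Denied value "rndvalue01" (new data: "") deleted in System Startup global entry!
7/10/2007 7:43:40 AM Allowed value "ExampleGuard" (new data: "") deleted in System Startup user entry!
9/20/2007 1:42:20 AM Allowed (based on user decision) value "ExampleUpdater" (new data: ""C:\Program Files\Example\upd.exe"") added in System Startup global entry!
9/24/2007 5:52:00 AM Denied (based on user decision) value "rndvalue02" (new data: "c:\windows\system32\rndvalue02.exe rndvalue02") added in System Startup global entry!
2007-09-26 03:28:11 Allowed (based on user decision) value "load" (new data: "") deleted in NT startup!
'''

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    # Assumption: slash dates are month/day/year.
    fmt = '%Y-%m-%d %H:%M:%S' if '-' in ev['ts'] else '%m/%d/%Y %I:%M:%S %p'
    ev['ts'] = datetime.strptime(ev['ts'], fmt)
    return ev

def parse_log(text):
    """Parse every matching line; blank or foreign lines are skipped."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev]

def collapse_bursts(events, max_gap=5):
    """Merge identical events that repeat within max_gap seconds of each other."""
    bursts, open_burst = [], {}
    for ev in events:
        key = (ev['verdict'], ev['name'], ev['action'], ev['area'])
        cur = open_burst.get(key)
        if cur and 0 <= (ev['ts'] - cur['end']).total_seconds() <= max_gap:
            cur['end'] = ev['ts']
            cur['count'] += 1
        else:
            cur = {'key': key, 'start': ev['ts'], 'end': ev['ts'], 'count': 1}
            bursts.append(cur)
            open_burst[key] = cur
    return bursts

def contested(bursts, min_count=3):
    """Bursts where the same change was denied min_count times or more."""
    return [b for b in bursts if b['key'][0] == 'Denied' and b['count'] >= min_count]

def replay_state(events):
    """Map (area, name) -> True if the value should still exist after the log.

    Assumption: only Allowed changes take effect. For a value first seen in a
    Denied event, a blocked delete/change means it exists, a blocked add means
    it does not.
    """
    state = OrderedDict()
    for ev in events:
        k = (ev['area'], ev['name'])
        if ev['verdict'] == 'Allowed':
            state[k] = ev['action'] != 'deleted'
        elif k not in state:
            state[k] = ev['action'] != 'added'
    return state

if __name__ == '__main__':
    events = parse_log(SAMPLE_LOG)
    for b in contested(collapse_bursts(events)):
        verdict, name, action, area = b['key']
        print(f'{b["count"]}x {verdict} "{name}" {action} in {area} '
              f'({b["start"]} to {b["end"]})')
    for (area, name), present in replay_state(events).items():
        print(f'{"present" if present else "absent ":8} {area}: {name}')
```

A value that stays "present" only because its deletion was repeatedly denied is the case to review by hand before re-running a cleanup tool.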

7/10/2007 2:48:36 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:37 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:38 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:39 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:40 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:41 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:42 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:43 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:44 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:45 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:46 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:47 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:48 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:49 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:50 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:51 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:52 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:53 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:54 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:55 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:56 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:57 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:58 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:48:59 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:00 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:01 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:02 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:03 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:04 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:05 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:06 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:07 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:08 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:09 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:10 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:11 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:12 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:13 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:14 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:15 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:16 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:17 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:18 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:19 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:20 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:21 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:22 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:23 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:24 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:25 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:26 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:27 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:28 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:29 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:30 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:31 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:32 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:34 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:35 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:36 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:37 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:38 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:39 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:40 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:41 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:42 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:43 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:44 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:45 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:46 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:47 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:48 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:49 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:50 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 2:49:51 AM Denied value "xabsceiabd" (new data: "") deleted in System Startup global entry!

7/10/2007 7:43:54 AM Denied value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!

7/10/2007 7:44:04 AM Allowed value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!

9/20/2007 1:41:08 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!

9/20/2007 1:42:13 AM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!

9/20/2007 1:42:20 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"") added in System Startup global entry!

9/20/2007 1:42:25 AM Denied (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") added in Browser Helper Object!

9/20/2007 1:51:46 AM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") added in Browser Helper Object!

9/20/2007 1:51:51 AM Allowed (based on user whitelist) value "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!

9/20/2007 1:52:16 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"") changed in System Startup global entry!

9/20/2007 2:23:38 AM Allowed (based on user decision) value "{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}" (new data: "") added in ActiveX Distribution Unit!

9/20/2007 8:20:34 AM Allowed (based on user decision) value "{215B8138-A3CF-44C5-803F-8226143CFC0A}" (new data: "") added in ActiveX Distribution Unit!

9/20/2007 10:39:22 AM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!

9/21/2007 12:48:41 AM Allowed (based on user decision) value "SmcService" (new data: "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui") added in System Startup global entry!

9/21/2007 1:07:43 AM Allowed (based on user decision) value "BugsDestroyer" (new data: "") deleted in System Startup global entry!

9/23/2007 11:56:57 AM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"") added in System Startup global entry!

9/23/2007 12:01:01 PM Denied (based on user decision) value "getPlusUninstall_dll" (new data: "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall") added in System Startup global entry!

9/24/2007 5:52:00 AM Denied (based on user decision) value "gmcgxstpu" (new data: "c:\windows\system32\gmcgxstpu.exe gmcgxstpu") added in System Startup global entry!

9/24/2007 5:52:15 AM Denied (based on user decision) value "gmcgxstpu" (new data: "c:\windows\system32\gmcgxstpu.exe gmcgxstpu") added in System Startup global entry!

9/26/2007 3:04:53 AM Allowed (based on user decision) value "navilog1" (new data: "C:\Program Files\Navilog1\navilog1.bat") added in System Startup global entry!

9/26/2007 3:17:21 AM Allowed (based on user decision) value "navilog1" (new data: "") deleted in System Startup global entry!

2007-09-26 03:27:54 Allowed (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!

2007-09-26 03:28:00 Allowed (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!

2007-09-26 03:28:11 Allowed (based on user decision) value "load" (new data: "") deleted in NT startup!

2007-09-26 03:28:23 Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!

2007-09-26 03:28:32 Allowed (based on user decision) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!

9/26/2007 4:14:35 AM Allowed (based on user decision) value "ccleaner" (new data: ""C:\Program Files\CCleaner\ccleaner.exe" /AUTO") added in System Startup user entry!

9/26/2007 4:49:07 AM Allowed (based on user decision) value "!SASWinLogon" (new data: "") added in Winlogon Notifiers!

9/26/2007 4:51:05 AM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe") added in System Startup user entry!

9/26/2007 4:57:51 AM Allowed (based on user decision) value "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" (new data: "") deleted in Browser Helper Object!

9/26/2007 4:57:55 AM Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!

9/26/2007 4:57:58 AM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!

9/27/2007 1:40:46 AM Allowed (based on user decision) value "ccleaner" (new data: "") deleted in System Startup user entry!

9/27/2007 8:08:03 AM Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\System32\blank.htm") changed in Browser page!

9/28/2007 10:16:04 AM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "") deleted in System Startup user entry!

9/28/2007 11:59:45 AM Allowed (based on user decision) value "Shockwave Updater" (new data: "C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0") added in System Startup user entry!

9/28/2007 1:48:16 PM Allowed (based on user decision) value "Shockwave Updater" (new data: "") deleted in System Startup user entry!

10/1/2007 7:11:23 AM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 7:13:39 AM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/1/2007 7:56:21 AM Allowed (based on user decision) value "Uniblue RegistryBooster 2" (new data: "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S") added in System Startup user entry!

10/1/2007 3:33:40 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 3:33:52 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/1/2007 3:42:41 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 3:43:26 PM Allowed (based on user decision) value "BrandClearStubs" (new data: "RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{8E5EE7D3-F705-48A0-A5AD-65B91B7E3FD7}") added in System Startup global entry!

10/1/2007 3:43:35 PM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/1/2007 3:46:15 PM Allowed (based on user decision) value "BrandClearStubs" (new data: "") deleted in System Startup global entry!

10/1/2007 3:49:29 PM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!

10/1/2007 3:49:59 PM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

10/2/2007 12:28:08 AM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: "") deleted in System Startup global entry!

10/2/2007 7:30:01 AM Allowed (based on user decision) value "{493ACF15-5CD9-4474-82A6-91670C3DD66E}" (new data: "") added in ActiveX Distribution Unit!

10/3/2007 7:04:17 PM Allowed (based on user decision) value "asrupdate.exe" (new data: "") deleted in System Startup user entry!

10/3/2007 7:04:17 PM Allowed (based on user whitelist) value "load" (new data: "") added in NT startup!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:55 AM, on 10/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\iscsiexe.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Owner\Desktop\anti spyware\HiJackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - https://www.nationallife.com/saa/ICSolution...Disk1/setup.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entaireglobal.webex.com/client/T25L...ing/ieatgpc.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O24 - Desktop Component 0: (no name) - http://static.snapfish.com/dm5/hr/template..._photo_topL.gif

--

End of file - 6018 bytes


Hello kdr108,

I had to put my firewall on allow all to post this. Is that normal?

Not really.

* Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


The first log is from the run this.bat; it's the report.txt from the SDFix.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:13:29 AM, on 10/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\iscsiexe.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\anti spyware\HiJackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - https://www.nationallife.com/saa/ICSolution...Disk1/setup.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://entaireglobal.webex.com/client/T25L...ing/ieatgpc.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O24 - Desktop Component 0: (no name) - http://static.snapfish.com/dm5/hr/template..._photo_topL.gif

--

End of file - 5984 bytes

Edited by kdr108

Hello again,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - https://www.nationallife.com/saa/ICSolution...Disk1/setup.exe

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Let's run an F-Secure online scan for viruses, spyware and rootkits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


Thank you so much for the time and effort you are putting into helping me.

Here is my F-Secure report:

Scanning Report

Tuesday, October 09, 2007 21:46:56 - 00:01:57

Computer name: YOUR-F9F278A0D6

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ D:\

Result: 4 malware found

Tracking Cookie (spyware)

* System (Disinfected)

* System

* System

* System

Statistics

Scanned:

* Files: 35733

* System: 4622

* Not scanned: 7

Actions:

* Disinfected: 1

* Renamed: 0

* Deleted: 0

* None: 3

* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options

Scanning engines:

* F-Secure AVP: 7.0.171, 2007-10-10

* F-Secure Blacklight: 1.0.64

* F-Secure Draco: 1.0.35, 0618-150-72

* F-Secure Libra: 2.4.2, 2007-10-07

* F-Secure Orion: 1.2.37, 2007-10-10

* F-Secure Pegasus: 1.19.0, 2007-09-02

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

* Use Advanced heuristics



Nice job, your log looks clean!

How is it running?

Please use the following suggestion to help prevent reinfection.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected). Now we need to make a new System Restore point for your PC; please do the following:

  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore" which will create a new System Restore point
  • Click OK

I highly recommend downloading the following programs to keep malware off your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program - An antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.

DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must-have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :)

Hello monsterreneg,

I want to thank you very much for your care, but I still can't download the software. It gives me this message: microsoft mshtml.dll.registration failed, and when I closed it down for hanging, it gave me a new message, amtui windows application, with a red circle with an x in it. Is there any way that you can help me to download this software? I need it for my work!!!! :wacko:


Hello again,

Please download Dial-a-fix from HERE and unzip it to your desktop.

  • Double click the Dial-a-fix.exe
  • Place a check next to Explorer/IE/OE/shell/WMP DLLs
  • Then hit GO
  • Once the program finishes you may exit out of it.

Now let me know if you can download files.

This topic is now closed to further replies.