System check (O16:DPF:CR64Loader)

T

Tom.K

Member
Alpha Testers Translator
Logfile of HijackThis v1.99.1
Scan saved at 16:12:12, on 30.9.2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXCFPPLS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ICQ\NDETECT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/fset.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moj.hinet.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HThinet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
F1 - win.ini: run=lxcfppls.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] %Mixerparam%
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://moj.hinet.hr/
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

And

{288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object)
DPF name:
CLSID name: CR64Loader Object
Installer:
Codebase: http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
description:
classification: Confirmed as malware
known filename: retro64_loader.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
Long name: miniclipGameLoader.dll
Short name: MINICL~1.DLL
Date (created): 25.12.2004 20:06:50
Date (last access): 24.9.2006
Date (last write): 25.12.2004 20:07:08
Filesize: 132752
Attributes: archive
MD5: EEC385FDC67596BB90F7D150A6B6A0F2
CRC32: 83750889
Version: 1.0.0.1

Some Unknown files:
movexe.exe
MSOWS409.DLL
tmpcpyis.bat
tmpdelis.bat
mbuff.sys
ekfpixaudio.dll
ekfpixexif.dll
ekfpixguid.dll
ekfpixio130.dll
ekfpixjpeg.dll
ekfpixpsets.dll
roboex32.dll
RUNDLL.EXE
SIntf16.dll
Tpackrem.bat
tmp053BB.FOT(tmp*****.FOT)
12520437.CPX
12520850.CPX

Topic here:
http://forums.spybot.info/showthread.php?p=44700#post44700
 
Last edited by a moderator:
I believe thats a false possitive
Codebase: http://www.miniclip.com/bestfriends/...GameLoader.dll
description:
classification: Confirmed as malware
known filename: retro64_loader.dll

In other words if the file was actualy retro64_loader.dll then it would be a baddie


But those 016 even when lagitamate can be fixed
Optional fix's >
Start Hijackthis and place a check next to these items If there.
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/...GameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

====================================
Hit fix checked and close Hijackthis.

You have both trend and Nod32 installed ?

You can submit any suspect files at virus total
http://www.virustotal.com/flash/index_en.html
Let us know what was found

"Internet Explorer v5.50 SP1"
Why havent you update Internet explorer ?
 
If you noticed,IOMON98 is not in process list.
I`ve deleted Trend-PC cillin 98 directory.
Now I can`t uninstall Trend.
The DPF:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
Is not a Downloader.PopCap.b.
And O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Why I must delete it?
I`ve not updated.
I`m too much scared about update.
So,these entries are safe to remove them?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/...GameLoader.dll
Or...not.
Thanks,but my suspected file list is too big :eek: !
And,I`m sorry about mess.
 
I`ve sended only movexe.exe and it was nothing found.
Has somebody mixed my mail?:fear:
 
Why did you delete trend rather than uninstall ?

I would re-install it reboot the pc then uninstall

Why not submit rather than email virus total, i have no idea the problem your seeing.

If your not going to update windows and IE there is realy no sence in continuing here
 
Email is now ok.
I`ve sended only movexe.exe to VirusTotal and the result is:Not infected.
I`will not remove these entries:
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
and
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
I`will remove these:
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/...GameLoader.dll

The IOMON98 it was active,but I`ve wasn`t know how to remove it.(This is happened when I was have 6-7 years)
Can I check advanced settings In hijackthis and can I post a new log (when i get when I can remove entries:
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/...GameLoader.dll)
?
If you noticed,I`ve created new thread: http://forums.spybot.info/showthread.php?p=45385
Now,I`m offline.:fear:
 
I`m still waiting for a answer:
Can I remove these entries:
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - Startup: PowerReg Scheduler V3.exe = C:\WINDOWS\Start Menu\Startup\PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe = C:\WINDOWS\Start Menu\Startup\PowerReg Scheduler.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll

New:
Some program changes Entry:
Non-Changed entry:
Located: HK_LM:Run, LXCFCATS
command: rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
file:
Changed entry:
Located: HK_LM:Run, LXCFCATS
command: rundll32 âöżw\LXCFtime.dll,_RunDLLEntry@16
file:
Ad-Watch Logfile, exported on 2.10.2006
===============================================
2.10.2006 19:25:04 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:LXCFCATS
Data:rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
New Data:rundll32 âöżw\LXCFtime.dll,_RunDLLEntry@16
Action Taken:Blocked
===============================================
 
Yes those items can be fixed (i already suggested that) plus you can fix the Office startup, office doesnt need to start with windows and after fixing Its 04 run you can still start it manualy when needed.

LXCFtime.dll is lagitamat, you should alow it, im not entirely sure what program it belongs to but it is not malware/spyware/bot
 
Here is my new HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 19:13:57, on 8.10.2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM
Hosts file: C:\WINDOWS\hosts
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\LXCFPPLS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/fset.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moj.hinet.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HThinet
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
F1 - win.ini: run=lxcfppls.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (filesize 853672 bytes, MD5 250D787A5712D7768DDC133B3E477759)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX (filesize 844048 bytes, MD5 C8DDFF02594C4A0C4C7C60DF8981E256)
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun (filesize 126976 bytes, MD5 548AE8C51870EC245DAC589B9BF271FC)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exeC:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s (filesize 24848 bytes, MD5 37556315E7DADD5EE414B5A438B7843D)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (filesize 24576 bytes, MD5 208C3F7142C109F3055CB07C95AF0F2E)
O4 - HKLM\..\Run: [C-Media Mixer] %Mixerparam%
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe (filesize 71168 bytes, MD5 450D0BA4AA1785ECA34F0D7EA7D5C1BB)
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe (filesize 39424 bytes, MD5 7894315BC8DB1E62256CC097162F49FB)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (filesize 897024 bytes, MD5 96BED20AF6A6245704E92AE405FA8236)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN (filesize 818688 bytes, MD5 0A351E742807981F8905D7B09AB36C2E)
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (filesize 24576 bytes, MD5 208C3F7142C109F3055CB07C95AF0F2E)
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exeC:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe" (filesize 405504 bytes, MD5 BBD82538F33A8935C5694E9956B463D1)
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exeC:\Program Files\ICQ\NDetect.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (filesize 65588 bytes, MD5 F15DDC9505E8B4471F0A138A3FC56C54)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (filesize 672016 bytes, MD5 F9BF77871ADEA4CB4148C5C0A58BAECA)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (filesize 672016 bytes, MD5 F9BF77871ADEA4CB4148C5C0A58BAECA)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll (filesize 1146128 bytes, MD5 3080210CDBF65F2AA01EF589A33F1E7F)
O14 - IERESET.INF: START_PAGE_URL=http://moj.hinet.hr/

O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} (no name) - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38774.4547337963
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
http://acs.pandasoftware.com/activescan/as5free/asinst.cab

I`ve added these entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} (no name) - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38774.4547337963
And sorry If I`m do something wrong.
Entry
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
Is a known online scan.
I`ve tried to scan but when shows like:Updating files...
It doesn`t loads (updates).
And Tip:
Go to My Computer>Control Panel>Internet Options>Security>Trusted sites.
Go to Custom Level... and set all things to Disable or High Safety.
Note:Do not make this if you have some pages which you are added.
And what should i do when is my computer full of junk?
 
Online scans can be problemactic especialy if your on dialup. i have problems at mcafee to occasionaly, just either go back later or try a differant online scan.

Why are you afraid to go update windows and IE ?

"And what should i do when is my computer full of junk?"
more details are needed, i dont understand you.
 
I will uninstall panda.
I`don`t like update.
How I can be sure which update is WGA (Windows Geuine Advantage Tool)
If I update IE 5,what will be happen?
I˙ve take a look to my computer and found some things
C:\_RESTORE\TEMP\A0#######.CPY (#-numbers)
Size:396 MB!?
C:\WINDOWS\TEMP\
can I remove all files in that folder?
 
Temp is cleaned.
Can I clean this Temp:
C:\_RESTORE\TEMP ?
It contains:
A#######.cpy files (#-Number).
I`want report warning about Divx Codec.
Where I need to post?
If I go update IE 5,what can be bad?
Like,stuck.
My hard disk is still full.
How I can remove 1.4 GB (2,3 GB) on my computer?
Can I post suspected list and NOD32 log?
 
Hi

That is windows system restore, you can clear it using windows tools

For Windows ME
Right-click the My Computer icon on the Desktop and click Properties.
Click the Performance tab.
Click the File System button.
Click the Troubleshooting tab.
Select Disable System Restore.
Click Apply > Close > Close.
When prompted to restart, click Yes.
Next go back and Re-enable System Restore
by unchecking Disable System Restore

When it is turned back on it will autoimaticly make a restore point,
which by the way you can use if in the off chance there are problems after
all the updates.

You can post that nod32 log if you like sure.
 
Ok.
Here is NOD32 log (translated from Croatian to English):
Date: 7.10.2006 Time: 12:18:14
Scanned disks, folders and files: C:
C:\_RESTORE\TEMP\A0403462.CPY »GZ - archive is damaged
C:\WINDOWS\WIN386.SWP - cannot open (file is locked) [4]
C:\WINDOWS\OPTIONS\INSTALL\DRIVER5.CAB »CAB »gm16.dls - next archive unit is not found
C:\WINDOWS\OPTIONS\INSTALL\NET3.CAB »CAB »nwlsproc.nw4 - next archive unit is not found
C:\WINDOWS\OPTIONS\INSTALL\WIN_8.CAB »CAB »enc3.bmp - next archive unit is not found
C:\WINDOWS\Application Data\Identities\{35864DE8-D1C7-46FB-8028-2D53B3141F55}\Microsoft\Outlook Express\Igre,slike i programi.dbx »DBX »sends: "Zeljko Matanovic" <zmatanovic@net.hr> receives: radmila.zivkovic@lura.hr, with subject Fwd: Fwd: FW: zelja date Wed, 17 May 2006 14:34:07 +0200 »MIME » - bug in reading archive
C:\WINDOWS\Temporary Internet Files\Content.IE5\0PM30PIN\Comic_Icons_3[1].bip »ZIP »Comic Icons 3.icl - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\0PM30PIN\index[3].html »GZ »index[3].html - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\QN5D39JQ\dropheads12071738[1].jar »ZIP »a/a/a.class - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\CD3IPEBF\CJ9X33LE[1].exe »ZIP »lexbces.ex_ - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\kawaiicons[1].bip »ZIP »kawaiicons.icl - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\res\ResLoader.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\res\SoundThread.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\util\AsyncJSCall.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\util\MD5.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\util\MTRand.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\util\XMLElement.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\util\XMLParam.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\wordfall[1].cab »CAB »sexy\util\XMLParser.class - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\astropopsounds[1].cab »CAB »sounds\streamed\laser.ogg - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\astropopsounds[1].cab »CAB »sounds\streamed\star_explode.ogg - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\astropopsounds[1].cab »CAB »sounds\streamed\v_gameover.ogg - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\B9JZLV5I\astropopsounds[1].cab »CAB »sounds\streamed\warp3.ogg - archive is damaged - file cannot be extracted.
C:\WINDOWS\Temporary Internet Files\Content.IE5\RXHO8MAG\waves9[1].zip »ZIP »waves9.txt - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\RXHO8MAG\LlumBlau[1].bip »ZIP »LlumBlau.icl - archive is damaged
C:\WINDOWS\Temporary Internet Files\Content.IE5\PUQI5U8N\gargul-studio[1] »GZ »gargul-studio[1] - archive is damaged
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip »ZIP »RELATED.HTM - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip »ZIP »nsupd9x.inf - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom1.zip »ZIP »NSupd9x.inf - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom1.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink1.zip »ZIP »flexactv.dll - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink1.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink.zip »ZIP »sbRecovery.reg - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink2.zip »ZIP »VcpDLL.dll - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink2.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink3.zip »ZIP »TSAd.dll - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink3.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/TSADBOT.EXE - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Pending.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Pending.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Done.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Done.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Pending1.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Pending1.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Done1.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/BORX/korisnik/jtech/Done1.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Pending.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Pending.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Done.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Done.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Pending1.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Pending1.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Done1.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Profiles/da015951/korisnik/Done1.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/444/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/444/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/445/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/445/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/446/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/446/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/447/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/447/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/448/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/448/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/449/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/449/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/451/rc - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Ads/451/01010001.004 - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Users/korisnik/Sched.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Users/korisnik/Sched.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Users/korisnik/Sched1.cdb - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »AdGateway/Users/korisnik/Sched1.idx - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink4.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink5.zip »ZIP »TSAd.dll - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink5.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink6.zip »ZIP »AdGateway/TSADBOT.EXE - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink6.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink7.zip »ZIP »TSAd.dll - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink7.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink8.zip »ZIP »AdGateway/TSADBOT.EXE - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConducentTimeSink8.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip »ZIP »sbRecovery.reg - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip »ZIP »sbRecovery.ini - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessageMates.zip »ZIP »sbRecovery.reg - bug - file is protected with password
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessageMates.zip »ZIP »sbRecovery.ini - bug - file is protected with password
 
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »arrow1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »arrow2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bck1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bck2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt11.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt12.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt13.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt21.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt22.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt23.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt31.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt32.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt33.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt41.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt42.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt43.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt51.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt52.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt53.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt61.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt62.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »default.skn - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »defbtn1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »defbtn2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »defbtn3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph5.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph6.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »main.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »preview.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »sprite1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »tab1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »tab2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »arrow1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »arrow2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »awgrad1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »awgrad2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bck1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bck2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt11.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt12.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt13.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt21.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt22.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt23.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt31.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt32.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt33.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt41.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt42.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt43.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt51.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt52.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt53.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt61.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »bt62.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »checkbox1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »checkbox2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »checkbox3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »checkbox4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »defbtn1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »defbtn2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »defbtn3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph5.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph6.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »glyph7.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »greyskin.skn - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »main.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »preview.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »sprite1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »tab1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\GreySkin.ask »ZIP »tab2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »arrow1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »arrow2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »awgrad1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »awgrad2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bck1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bck2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt11.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt12.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt13.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt21.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt22.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt23.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt31.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt32.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt33.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt41.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt42.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt43.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt51.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt52.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt53.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt61.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »bt62.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »checkbox1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »checkbox2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »checkbox3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »checkbox4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »defbtn1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »defbtn2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »defbtn3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph5.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph6.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »glyph7.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »main.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »preview.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »sprite1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »tab1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »tab2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\TestSkin.ask »ZIP »testskin.skn - bug - file is protected with password
 
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »arrow1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »arrow2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »awgrad1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »awgrad2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bck1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bck2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt11.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt12.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt13.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt21.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt22.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt23.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt31.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt32.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt33.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt41.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt42.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt43.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt51.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt52.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt53.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt61.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »bt62.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »checkbox1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »checkbox2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »checkbox3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »checkbox4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »defbtn1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »defbtn2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »defbtn3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph2.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph3.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph4.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph5.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph6.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »glyph7.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »main.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »mediumblue.skn - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »preview.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »sprite1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »tab1.bmp - bug - file is protected with password
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MediumBlueSkin.ask »ZIP »tab2.bmp - bug - file is protected with password
Number of scanned files: 130675
Number of found infections: 0
End time: 13:35:07 Total time scan: 4613 sec (01:16:53)
Note:
[4] File cannot open. Other program or system is using that file.
If I disable restore,does is there possible re-installing Windows?
 
Nothing to be concerned with in that nod32 log
"If I disable restore,does is there possible re-installing Windows?"
Not sure i understand, but once and awhile its a good idea to disable it reboot then re-enable system restore.
 
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.
 
You must log in or register to reply here.
Back
Top