View Full Version : Need help with error 1058
Heatheremmadaddy1000
2008-06-17, 04:35
I keep getting this error 1058 about windows update. I have tried everything I have found about it, so now I will post my HJT log here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:54 PM, on 06/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [44aa3468] rundll32.exe "C:\WINDOWS\system32\tgvleahn.dll",b
O4 - HKLM\..\Run: [BM479907f4] Rundll32.exe "C:\WINDOWS\system32\kturqwjx.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130106900953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
--
End of file - 8584 bytes
I am hoping someone can help me.
pskelley
2008-06-17, 15:39
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy.
1) Take care of this problem first!!
You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
C:\PROGRA~1\Grisoft\AVG7 <<< 7 is also out of date.
C:\Program Files\Alwil Software\Avast4\
Uninstall one of those, if you keep AVG, you need to update it right away:
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
2) This is likely a very bad trojan:
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
May be this: http://www.bleepingcomputer.com/startups/algs.exe-10289.html
http://www.google.com/search?hl=en&q=algs.exe+&btnG=Google+Search
http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99&tabid=2
The worm then allows a remote attacker to perform some of the following actions on the compromised computer:
Download, and execute files
Manipulate file system
Gather system information
Update or uninstall the bot
Terminate running processes
Steal passwords
Start socket server
Measure connection speed
Conduct port scans
Copy itself to network shares
I want you to know I spent a lot of time researching this item to be sure, see this:
http://mirrors.castlecops.com/O23.html <<< scan of the item return nothing.
Windows Image Acquisition
While Windows Image Acquisition appears to be a valid process, see this:
http://www.google.com/search?hl=en&q=Windows+Image+Acquisition+&btnG=Google+Search
From the information I find I must make you aware this is likely a trojan. If you know something different about the service:
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
Please make me aware.
Because of the information I am finding, I believe you should have this information:
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
Besides that you also had a Vundo infection.
Let us know what you have decided to do in your next post.
Thanks
Heatheremmadaddy1000
2008-06-17, 16:51
Thanks for the info. I have decided to get rid of the avast antivirus, it is gone now. I am also going to let you help me get rid of the trojan with out reformatting if you can. I dont have any important info on that machine as it is on the other one i have.
Pleae help
Thanks
pskelley
2008-06-17, 17:03
Thanks for the feedback and I will do all I can to accomplish that. What I need from you is to remove the extra AV, if you are keeping AVG (I run it myself) then update to the new verion, that version has been out of date since 5/31/2008. Once you download and install the new version, get the latest updates and then run a complete system scan. Quarantine (virus vault) what AVG 8 find. You should be able to save that report, post it for me to view along with a new HijackThis log. I caution you to stay offline with this computer except when you need to be on to troubleshoot until we get you cleaned up, which is going to take a while.
Thanks...Phil
Heatheremmadaddy1000
2008-06-17, 18:44
I will do that when I get home from work today, thanks for trying to help. I will post the logs later when I get home and do that.
Heatheremmadaddy1000
2008-06-18, 03:15
Well AVG wont install on my machine it keeps giving me this error.
Local machine: installation failed
Installation:
Error: Action failed for registry value HKLM\SOFTWARE\Classes\AvgDiagFile\DefaultIcon:: creating registry value....
Error 0x80070005
Here is my HJT log file as of now.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:22 PM, on 06/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [44aa3468] rundll32.exe "C:\WINDOWS\system32\jgrpuaos.dll",b
O4 - HKLM\..\Run: [BM479907f4] Rundll32.exe "C:\WINDOWS\system32\kturqwjx.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130106900953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
--
End of file - 7761 bytes
pskelley
2008-06-18, 03:29
Who does this computer belong to? I am wondering why you are running with an expired antivirus program anyway? AVG has been sending notices for weeks and it has been expired since 5/31/2008?
Let's try to remove some of the junk first, since you do not have an up to date antivirus program, keep this computer offline except when you are working on the problem.
Remove any old copies of combofix before you proceed.
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Post the combofix log and a new HJT log.
Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks
I am down for the night at this point, and will not respond again before AM EST.
Heatheremmadaddy1000
2008-06-18, 04:05
This computer has been having problems for a while now and AVG updates everyday and then restarts the machine, and then the update is not applied.
The computer is mine own and I have had it for several years now, and now it is my wifes.
My combofix log is as follows:
ComboFix 08-06-16.5 - User 2008-06-17 17:45:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.388 [GMT -7:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\windows
C:\Program Files\outlook
C:\RECYCLER\desktop.ini
C:\WINDOWS\BM479907f4.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\BdeMnnnn.ini
C:\WINDOWS\system32\BdeMnnnn.ini2
C:\WINDOWS\system32\bknjylsd.dll
C:\WINDOWS\system32\dgijncec.dll
C:\WINDOWS\system32\gruqaxce.ini
C:\WINDOWS\system32\hjmdndlg.ini
C:\WINDOWS\system32\jgrpuaos.dll
C:\WINDOWS\system32\jnrajufs.dll
C:\WINDOWS\system32\kesyhrpt.ini
C:\WINDOWS\system32\khfFWmnN.dll
C:\WINDOWS\system32\kjgnkbdb.dll
C:\WINDOWS\system32\kturqwjx.dll
C:\WINDOWS\system32\kvxjtxoi.dll
C:\WINDOWS\system32\kwbuxuhn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvlaniry.dll
C:\WINDOWS\system32\mxssxwml.dll
C:\WINDOWS\system32\mxwbpemr.ini
C:\WINDOWS\system32\nfevnfhp.dll
C:\WINDOWS\system32\nhaelvgt.ini
C:\WINDOWS\system32\NnmWFfhk.ini
C:\WINDOWS\system32\NnmWFfhk.ini2
C:\WINDOWS\system32\nnviqudr.dll
C:\WINDOWS\system32\ofjmdggu.dll
C:\WINDOWS\system32\pjsfrwue.dll
C:\WINDOWS\system32\qqkdfnak.ini
C:\WINDOWS\system32\rduqivnn.ini
C:\WINDOWS\system32\roojfjfu.dll
C:\WINDOWS\system32\rorrkass.dll
C:\WINDOWS\system32\rorufugv.dll
C:\WINDOWS\system32\soauprgj.ini
C:\WINDOWS\system32\tvoxlpms.ini
C:\WINDOWS\system32\twxkvxsc.dll
C:\WINDOWS\system32\txbtgrir.dll
C:\WINDOWS\system32\vxbaapsf.ini
C:\WINDOWS\system32\wfbeemqk.ini
C:\WINDOWS\system32\xauflbbj.ini
C:\WINDOWS\system32\xftgjmmh.dll
C:\WINDOWS\system32\ylkprovf.dll
C:\WINDOWS\system32\ypcvbraj.dll
C:\WINDOWS\system32\ystknesl.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-15 16:15 . 2008-06-15 16:15 <DIR> d-------- C:\WINDOWS\The Secret of Margrave Manor
2008-06-15 16:15 . 2008-06-15 16:17 <DIR> d-------- C:\Program Files\The Secret of Margrave Manor
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Big Fish Games
2008-06-14 15:40 . 2008-06-14 15:52 71 --a------ C:\WINDOWS\WININIT.INI
2008-06-14 15:33 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\X-Cleaner
2008-06-13 17:52 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\Panda Security
2008-06-13 17:34 . 2008-06-13 17:36 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2008-06-10 17:15 . 2008-06-10 17:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-10 17:14 . 2008-06-10 17:14 23,047,784 --a------ C:\temp\setupeng.exe
2008-06-09 20:28 . 2008-06-09 20:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 20:27 . 2008-06-09 20:27 812,344 --a------ C:\temp\HJTInstall.exe
2008-06-08 17:31 . 2008-06-08 17:31 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-06-08 17:31 . 2008-06-08 17:31 <DIR> d-------- C:\WINDOWS\The Clumsys
2008-06-08 17:30 . 2008-06-08 17:30 <DIR> d-------- C:\WINDOWS\Mystery In London
2008-06-08 17:30 . 2008-06-08 17:30 <DIR> d-------- C:\Program Files\Mystery In London
2008-06-07 15:18 . 2008-06-07 15:18 9,722,720 --a------ C:\temp\spybotsd152.exe
2008-05-30 21:33 . 2008-05-30 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 21:33 . 2008-05-30 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 21:17 . 2008-05-30 21:17 690,568 --a------ C:\temp\rr-free-setup.exe
2008-05-29 17:13 . 2008-05-29 17:13 <DIR> d-------- C:\WINDOWS\Haunted Hotel
2008-05-29 17:13 . 2008-05-29 17:13 <DIR> d-------- C:\WINDOWS\Dream Day - First Home
2008-05-29 17:12 . 2008-05-29 17:12 <DIR> d-------- C:\WINDOWS\Mystery Cookbook
2008-05-28 20:14 . 2008-05-28 20:14 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-05-28 20:13 . 2008-05-28 20:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 20:13 . 2008-05-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 20:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 20:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 20:11 . 2008-05-28 20:11 128,368 --a------ C:\temp\Download_mbam-setup.exe
2008-05-28 19:37 . 2008-05-28 20:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-28 19:37 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-28 17:24 . 2008-05-28 17:24 19,153,264 --a------ C:\temp\aaw2008.exe
2008-05-27 17:53 . 2008-05-27 17:53 48,585 --a------ C:\WINDOWS\system32\12520437m.sys
2008-05-27 17:51 . 2001-08-23 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-27 17:51 . 2008-05-30 20:54 180 --a-s---- C:\WINDOWS\system32\2722900764.dat
2008-05-27 17:51 . 2008-05-27 17:51 2 --a------ C:\1152005319
2008-05-27 17:01 . 2008-05-27 17:01 <DIR> d-------- C:\WINDOWS\The Lost Treasures Of Alexandria
2008-05-27 17:00 . 2008-05-27 17:00 <DIR> d-------- C:\WINDOWS\Hide & Secret 2 - Cliffhanger Castle
2008-05-27 16:59 . 2008-05-27 16:59 <DIR> d-------- C:\WINDOWS\Empire of the Gods
2008-05-27 16:59 . 2008-05-27 16:59 <DIR> d-------- C:\WINDOWS\Caribbean Pirate Quest
2008-05-22 17:04 . <DIR> C:\WINDOWS\Sultan of Persia
2008-05-22 17:04 . <DIR> C:\Program Files\Sultan of Persia
2008-05-22 17:03 . 2008-05-22 17:03 <DIR> d-------- C:\WINDOWS\Hidden Wonders of the Depths
2008-05-21 21:28 . 2008-05-21 21:28 <DIR> d-------- C:\WINDOWS\Sherlock Holmes - The Mystery of the Persian Carpet
2008-05-20 22:51 . 2008-05-20 22:51 <DIR> d-------- C:\WINDOWS\The Hidden Object Show
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-18 00:12 --------- d-----w C:\Documents and Settings\User\Application Data\AVG7
2008-06-13 23:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 00:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-02 00:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 00:41 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-05-31 04:33 --------- d-----w C:\Program Files\QuickTime
2008-05-11 03:37 --------- d-----w C:\Documents and Settings\User\Application Data\Restorer
2008-05-05 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2008-05-05 02:07 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-05-05 02:06 --------- d-----w C:\Program Files\JumpStart
2008-03-18 15:28 25,840 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-03-13 23:52 0 ----a-w C:\Program Files\temp01
2005-01-23 03:34 713,503 ----a-w C:\Program Files\xnews.zip
1989-12-12 18:10 1,050,000 --sh--r C:\WINDOWS\fyeames.exe
2001-08-23 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 08:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
.
------- Sigcheck -------
2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 00:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{683E2552-188D-4F53-BC4C-32E0E94771E1}]
C:\WINDOWS\system32\rqRIcbCS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A9D4E6B-29BC-4908-9C48-D0FCF6F84E04}]
C:\WINDOWS\system32\nnnnMedB.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 00:55 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-14 08:59 579584]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"Dimension4"="C:\Program Files\D4\D4.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:05 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{683E2552-188D-4F53-BC4C-32E0E94771E1}"= C:\WINDOWS\system32\rqRIcbCS.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIcbCS]
rqRIcbCS.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
R0 bridgeex;bridgeex;C:\WINDOWS\system32\drivers\bridgeex.sys [2006-06-05 05:09]
R1 hsf2k;hsf2k;C:\WINDOWS\system32\drivers\hsf2k.sys [2006-09-21 05:39]
S2 stisvcBITS;Windows Image Acquisition (WIA) stisvcBITS;C:\WINDOWS\system32\algs.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9455d23-e7d3-11dc-8761-0002b34a6880}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 17:55:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\wuapi.dll.wusetup.273828.bak 430592 bytes executable
C:\WINDOWS\system32\wuauclt.exe.wusetup.282937.bak 111104 bytes executable
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.284750.bak 162304 bytes executable
C:\WINDOWS\system32\wuaueng.dll.wusetup.287750.bak 1134592 bytes executable
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-06-17 18:04:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 01:03:26
Pre-Run: 22,482,812,928 bytes free
Post-Run: 22,406,799,360 bytes free
229 --- E O F --- 2008-05-16 12:49:17
My HJT log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:21 PM, on 06/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB905474-ENU-x86.exe
c:\460ea60778ebba097d3ae527579a5b\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {683E2552-188D-4F53-BC4C-32E0E94771E1} - C:\WINDOWS\system32\rqRIcbCS.dll (file missing)
O2 - BHO: (no name) - {7A9D4E6B-29BC-4908-9C48-D0FCF6F84E04} - C:\WINDOWS\system32\nnnnMedB.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130106900953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O20 - Winlogon Notify: rqRIcbCS - rqRIcbCS.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
--
End of file - 8360 bytes
Thanks for all the help so far
Peter
pskelley
2008-06-18, 15:26
It is very important that your take the time to read and follow all directions carefully and in the numbered order.
1) C:\temp\spybotsd152.exe <<< Spybot S&D is running from a temp folder? Uninstall that program, I will also do that with combofix in the event you can uninstall. You may reinstall it when you are clean. Please install it to the default location when you do which will be C:\Program Files.
2) C:\temp\aaw2008.exe <<< do the same thing with Ad-Aware if you need that program.
3) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
4) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
5) Disable the Service
Click Start > Run and type services.msc
Scroll down to Windows Image Acquisition and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
6) Open notepad and copy/paste the text in the codebox below into it:
File::
c:\460ea60778ebba097d3ae527579a5b\update\update.exe
C:\temp\spybotsd152.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{683E2552-188D-4F53-BC4C-32E0E94771E1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A9D4E6B-29BC-4908-9C48-D0FCF6F84E04}]
Save this as CFScript
http://i24.photobucket.com/albums/c30/ken545/CFScript.gif
Referring to the picture above, drag CFScript into ComboFix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
7) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {683E2552-188D-4F53-BC4C-32E0E94771E1} - C:\WINDOWS\system32\rqRIcbCS.dll (file missing)
O2 - BHO: (no name) - {7A9D4E6B-29BC-4908-9C48-D0FCF6F84E04} - C:\WINDOWS\system32\nnnnMedB.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O20 - Winlogon Notify: rqRIcbCS - rqRIcbCS.dll (file missing)
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
8) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post the combofix log from CFScript and a new HJT log.
Once that is posted, then do this:
Start > Control Panel > Add Remove Programs and uninstall AVG7. Once it is uninstalled, then download AVG 8 here:
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
Take your time and read every prompt so you don't wind up with a trial version if you want the free one. Read all instructions carefully before choosing, once you have AVG installed, you will need to update right away after it is activated. As soon as it is running in the system tray, do a system scan and save the report, post it here.
Thanks
Heatheremmadaddy1000
2008-06-18, 17:35
Thanks, I fifgured out why it wouoldnt install, I was trying to install the trial version, instead of the free version. I will post everything tonight after work. It will most likely be after you are off tonight as I am in pacific time.
Thanks
Peter
pskelley
2008-06-18, 18:32
Hey Peter, thanks for the feedback. I wondered what the issue was and was guessing Vundo was blocking you, the hackers keep changing what it does. I probably won't see your post until around 6AM EST. Here is a peek at this side of the country, I am about two miles from Clearwater Beach.
http://www.beachtourism.com/pier.htm
Phil
Heatheremmadaddy1000
2008-06-19, 06:51
Here we go, this is the combofix log from CFScript
ComboFix 08-06-16.5 - User 2008-06-18 20:30:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.418 [GMT -7:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\460ea60778ebba097d3ae527579a5b\update\update.exe
C:\temp\spybotsd152.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\gimmygames91.dat
C:\WINDOWS\winsysupd101.dat
C:\WINDOWS\winsysupd91.dat
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
2008-06-17 19:54 . 2008-06-18 00:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-17 18:47 . 2008-06-17 18:47 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-17 18:42 . 2008-06-17 18:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-17 18:42 . 2008-06-17 18:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-17 18:41 . 2008-06-18 18:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-17 18:41 . 2008-06-17 18:41 <DIR> d-------- C:\Program Files\AVG
2008-06-17 18:41 . 2008-06-17 20:12 <DIR> d-------- C:\Documents and Settings\User\Application Data\AVGTOOLBAR
2008-06-17 18:41 . 2008-06-17 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 18:29 . 2008-06-18 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-17 18:03 . 2008-04-14 04:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-15 16:15 . 2008-06-15 16:15 <DIR> d-------- C:\WINDOWS\The Secret of Margrave Manor
2008-06-15 16:15 . 2008-06-15 16:17 <DIR> d-------- C:\Program Files\The Secret of Margrave Manor
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Big Fish Games
2008-06-14 15:40 . 2008-06-14 15:52 71 --a------ C:\WINDOWS\WININIT.INI
2008-06-14 15:33 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\X-Cleaner
2008-06-13 17:52 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\Panda Security
2008-06-13 17:34 . 2008-06-13 17:36 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2008-06-10 17:15 . 2008-06-10 17:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-10 17:14 . 2008-06-10 17:14 23,047,784 --a------ C:\temp\setupeng.exe
2008-06-09 20:28 . 2008-06-09 20:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 20:27 . 2008-06-09 20:27 812,344 --a------ C:\temp\HJTInstall.exe
2008-06-08 17:31 . 2008-06-08 17:31 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-06-08 17:31 . 2008-06-08 17:31 <DIR> d-------- C:\WINDOWS\The Clumsys
2008-06-08 17:30 . 2008-06-08 17:30 <DIR> d-------- C:\WINDOWS\Mystery In London
2008-06-08 17:30 . 2008-06-08 17:30 <DIR> d-------- C:\Program Files\Mystery In London
2008-05-30 21:33 . 2008-05-30 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 21:33 . 2008-05-30 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 21:17 . 2008-05-30 21:17 690,568 --a------ C:\temp\rr-free-setup.exe
2008-05-29 17:13 . 2008-05-29 17:13 <DIR> d-------- C:\WINDOWS\Haunted Hotel
2008-05-29 17:13 . 2008-05-29 17:13 <DIR> d-------- C:\WINDOWS\Dream Day - First Home
2008-05-29 17:12 . 2008-05-29 17:12 <DIR> d-------- C:\WINDOWS\Mystery Cookbook
2008-05-28 20:14 . 2008-05-28 20:14 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-05-28 20:13 . 2008-05-28 20:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 20:13 . 2008-05-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 20:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 20:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 20:11 . 2008-05-28 20:11 128,368 --a------ C:\temp\Download_mbam-setup.exe
2008-05-28 19:37 . 2008-05-28 20:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-28 19:37 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-27 17:53 . 2008-05-27 17:53 48,585 --a------ C:\WINDOWS\system32\12520437m.sys
2008-05-27 17:51 . 2001-08-23 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-27 17:51 . 2008-05-30 20:54 180 --a-s---- C:\WINDOWS\system32\2722900764.dat
2008-05-27 17:51 . 2008-05-27 17:51 2 --a------ C:\1152005319
2008-05-27 17:01 . 2008-05-27 17:01 <DIR> d-------- C:\WINDOWS\The Lost Treasures Of Alexandria
2008-05-27 17:00 . 2008-05-27 17:00 <DIR> d-------- C:\WINDOWS\Hide & Secret 2 - Cliffhanger Castle
2008-05-27 16:59 . 2008-05-27 16:59 <DIR> d-------- C:\WINDOWS\Empire of the Gods
2008-05-27 16:59 . 2008-05-27 16:59 <DIR> d-------- C:\WINDOWS\Caribbean Pirate Quest
2008-05-22 17:04 . <DIR> C:\WINDOWS\Sultan of Persia
2008-05-22 17:04 . <DIR> C:\Program Files\Sultan of Persia
2008-05-22 17:03 . 2008-05-22 17:03 <DIR> d-------- C:\WINDOWS\Hidden Wonders of the Depths
2008-05-21 21:28 . 2008-05-21 21:28 <DIR> d-------- C:\WINDOWS\Sherlock Holmes - The Mystery of the Persian Carpet
2008-05-20 22:51 . 2008-05-20 22:51 <DIR> d-------- C:\WINDOWS\The Hidden Object Show
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 01:29 --------- d-----w C:\Program Files\Google
2008-06-13 23:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 00:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-11 00:33 112,866,357 ----a-w C:\WINDOWS\system32\Vbacache.dll
2008-06-02 00:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 00:41 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-05-31 04:33 --------- d-----w C:\Program Files\QuickTime
2008-05-11 03:37 --------- d-----w C:\Documents and Settings\User\Application Data\Restorer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2008-05-05 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2008-05-05 02:07 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-05-05 02:06 --------- d-----w C:\Program Files\JumpStart
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-18 15:28 25,840 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-03-13 23:52 0 ----a-w C:\Program Files\temp01
2005-01-23 03:34 713,503 ----a-w C:\Program Files\xnews.zip
1989-12-12 18:10 1,050,000 --sh--r C:\WINDOWS\fyeames.exe
2001-08-23 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 08:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
.
------- Sigcheck -------
2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 00:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_18.02.58.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-18 00:54:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 01:44:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 08:59:35 151,040 ------w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ------w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 08:59:35 1,054,208 ------w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:57 1,054,208 ------w C:\WINDOWS\system32\danim.dll
- 2008-02-16 08:59:34 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 08:59:35 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:56 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 08:59:35 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:57 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 08:59:35 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 08:59:35 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:57 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 08:59:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:58 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 08:59:35 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:58 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 08:59:35 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:29:38 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 08:59:37 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 08:59:37 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:59 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 08:59:37 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:59 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 08:59:37 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 08:59:38 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 08:59:38 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 08:59:38 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:04:00 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 08:59:39 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:04:00 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 08:56:48 430,592 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-31 02:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-08-04 08:56:58 111,104 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-04 08:56:48 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-08-04 08:56:48 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-31 02:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-04 08:56:48 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-31 02:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-04 08:56:48 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-31 02:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-06-18 01:41:59 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2004-08-04 07:10:38 274,304 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
- 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 08:59:35 96,256 ------w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:58 96,256 ------w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 08:59:35 16,384 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 08:59:37 146,432 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:59 146,432 ------w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 08:59:37 532,480 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:59 532,480 ------w C:\WINDOWS\system32\mstime.dll
- 2008-05-29 02:39:25 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-18 04:01:51 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-29 02:39:25 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-18 04:01:52 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-10 21:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 08:56:48 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 08:56:58 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 08:56:48 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 08:56:48 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 08:56:48 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2004-08-04 08:56:48 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 00:55 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"Dimension4"="C:\Program Files\D4\D4.exe" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-17 18:41 1177368]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIcbCS]
rqRIcbCS.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
R0 bridgeex;bridgeex;C:\WINDOWS\system32\drivers\bridgeex.sys [2006-06-05 05:09]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-17 18:42]
R1 hsf2k;hsf2k;C:\WINDOWS\system32\drivers\hsf2k.sys [2006-09-21 05:39]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-17 18:41]
S2 stisvcBITS;Windows Image Acquisition (WIA) stisvcBITS;C:\WINDOWS\system32\algs.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9455d23-e7d3-11dc-8761-0002b34a6880}]
\Shell\AutoRun\command - G:\setupSNK.exe
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 20:33:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-18 20:37:07
ComboFix-quarantined-files.txt 2008-06-19 03:36:04
ComboFix2.txt 2008-06-18 01:04:32
Pre-Run: 24,056,324,096 bytes free
Post-Run: 24,045,072,384 bytes free
323 --- E O F --- 2008-06-18 01:19:12
Here is my new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:04 PM, on 06/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130106900953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: rqRIcbCS - rqRIcbCS.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
--
End of file - 6819 bytes
Heatheremmadaddy1000
2008-06-19, 06:57
Here is the first part of the avg log
Infected objects removed or healed;"10"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"573"
Information count:;"0"
Scan started:;"Tuesday, June 17, 2008, 11:00:01 PM"
Total object scanned:;"726518"
Time needed:;"2 hour(s) 40 minute(s) 2 second(s) "
Errors encountered:;"0"
Infections
File;"Infection";"Result"
C:\Documents and Settings\User\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87278;"Virus found Win32/Heur";"Moved to Virus Vault"
C:\Documents and Settings\User\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.99633;"Virus found Win32/Heur";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1242\A0162246.dll;"Trojan horse Generic10.AKYR";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1243\A0162533.dll;"Trojan horse Generic10.ALNA";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1243\A0162534.dll;"Trojan horse Vundo.T";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1243\A0162535.dll;"Trojan horse Vundo.T";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1247\A0165000.dll;"Trojan horse Generic10.AMRA";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1247\A0165001.dll;"Trojan horse Generic10.AMRA";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1247\A0165002.dll;"Trojan horse Vundo.T";"Moved to Virus Vault"
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP1247\A0165003.dll;"Trojan horse Vundo.T";"Moved to Virus Vault"
Warnings
File;"Infection";"Result"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-15D9-4736-AB29-131578A45F2B};"Found Adware.Wordsonweb";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-59D4-4008-9058-080011001200};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-C1EC-0345-6EC2-4D0300000000};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-F09C-02B4-6EC2-AD0300000000};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1};"Found Adware.InternetOptimizer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000049-8F91-4D9C-9573-F016E7626484};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000062-2E5F-4AF7-986E-5B64E0951A96};"Found Adware.BetterInternet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00027925-0017-4FAF-9539-90E4AC0B9EC5};"Found Adware.IEPlugin";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00110011-4B0B-44D5-9718-90C88817369B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{002AF282-E42D-4B51-9F70-F1570C02FAAD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441};"Found Downloader.ConHook.l";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00F1D395-4744-40F0-A611-980F61AE2C59};"Found Adware.DrSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01B55AFA-F451-474B-9E91-C35B24D02641};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01D8D081-0F76-4AB5-B5E4-9B23A709670E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01E69986-A054-4C52-ABE8-EF63DF1C5211};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{020B1227-417D-4682-9AC3-61F43CB5B6B1};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{037CE595-57CB-4EB5-9775-97BC112F3BB3};"Found Trojan.Bomka";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{052B12F7-86FA-4921-8482-26C42316B522};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{05324ED1-05C0-4E3A-A34F-98BFC64426F5};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06170642-FA65-4FB6-AC79-5F235CB99BC2};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06849E9F-C8D7-4D59-B87D-784B7D6BE083};"Found Logger.Agent.io";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06FE8138-6C67-484F-AB1F-42ABDDD2CBB6};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{086AE192-23A6-48D6-96EC-715F53797E85};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{08A312BB-5409-49FC-9347-54BB7D069AC6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0A00D11E-B1E7-44B5-AD88-C9190876AAC4};"Found Adware.Dyibar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0AD937E7-2F37-4873-A05E-548A67EF1D0E};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0BAD5052-665D-40D4-A9BD-A2891EAAFB42};"Found Adware.VirusBursters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0BAE99AF-A9F7-4F7E-9C72-2C1CC81BE0FF};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0C5A0FFF-9164-493B-93E0-17446374E0A0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D0FAB5C-2BE4-4126-A28E-828FEBCE1E55};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D2DEF3A-F4F1-42EC-AC4F-132E7BA6E292};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D4C7057-EAD2-44C6-AD18-9092905F28F1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D9EB558-0666-479E-868A-21B1D1A53BD1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E4E5110-A772-4C4A-A7DC-137FE10ABD6E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-408A-9842-CDBE1C6D37EB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11853D5F-F894-4CC7-BBC3-FC7A9DCFD896};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11904CE8-632A-4856-A7CC-00B33FE71BD8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11A4CA8C-A8B9-49C2-A6D3-3F64C9EEBAE6};"Found Adware.Shorty";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F09AFD-75AD-4E51-AB43-E09E9351CE16};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{125494B2-ACAD-414C-98B9-452F3EF7703A};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13146842-6251-5625-3072-548536364311};"Found Logger.Goldun.an";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{150FA160-130D-451F-B863-B655061432BA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1559E6C1-7E5E-4461-9457-6A2DEA85EB9F};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{159C2E51-9823-11D2-8DDC-D84A1B4ACD4D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15ACE85C-0BB1-42D1-9E32-07EB0506675A};"Found Downloader.Small.nl";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15BA172C-5F41-4CB9-B38D-530FD507997C};"Found Trojan.KillProc.h";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1640DE0E-75E4-4A83-B5D1-2492BC7EBA8F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16875E09-927B-4494-82BD-158A1CD46BA0};"Found Downloader.Delf.vt";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{168CF174-6DAB-461C-A761-A7ADFA5A5719};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16A770A0-0E87-4278-B748-2460D64A8386};"Found Adware.Generic";"Potentially dangerous object"
Heatheremmadaddy1000
2008-06-19, 07:02
Here is part 2 of the avg log
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17253725-2463-2796-3683-279268379362};"Found Trojan.Goldun.u";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{18A41B20-E519-47A1-B545-FFC200730E9B};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{18F57D30-EF36-4C0E-9343-7BFA6DF79B4A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{197A85BC-BD97-4404-A702-95E556E4DAEB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{197B8CA4-E215-46DD-8F33-E0544A80E5C4};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A01A98C-4F25-42E1-971A-185CF63569B2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A1DDC19-5893-43AB-A73F-F41A0F34D115};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1AC5C88A-DEA7-462B-A232-04AF5CA42E7E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4};"Found Adware.ActivShopper";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B689522-64CD-46A3-B454-BCB4A7F55E78};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B9CB0F8-118B-49C1-956D-B703E976F8E3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3};"Found Adware.Affilred";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C044AAD-7955-4CBD-8175-501A165C4E5D};"Found Trojan.Conhook.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C4DA27D-4D52-4465-A089-98E01BB725CA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C78AB3F-A857-482e-80C0-3A1E5238A565};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CA480CD-C0E5-4548-874E-B85B17905B3A};"Found Trojan.Zlob.f";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D1B2879-99FF-11E3-8D96-D7ACAC95952A};"Found Logger.PerfectKeylogger";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E6CE4CD-161B-4847-B8BF-E2EF72299D69};"Found Logger.Sters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F6FE2C2-6040-4645-9053-7F689AFFE176};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2016A466-91A2-43C6-97D8-2FD380F065EF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{202A961F-23AE-42B1-9505-FFE3C818D717};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20929603-21DB-477C-BA6F-0B8E70B3C8A0};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20A3D913-30EF-4E69-B3F7-93B3F1FB9D5C};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{21345678-9ABC-DEF0-0FED-CBA987654321};"Found Trojan.PWS.cu";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4};"Found Adware.WinAntiVirus";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22024DC7-D190-44EC-9D49-AEE5F244A466};"Found Adware.DriveCleaner";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2296428D-C133-4928-B76A-A200FF409572};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB};"Found Adware.Begin2search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2353FCBC-012D-487B-8BF3-865C0929FBEB};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2439DCBB-DA51-FB1C-927A-CC1E586A8D00};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{246A2CA8-10D9-4F50-B259-CAFF6619A12E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{250D1063-5414-4FB0-86D5-AABB7A5D7DA7};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2559D0B1-AF60-4BD5-965D-0E51383A6367};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{25B7D2FD-4F71-46D1-801A-7DE323E4EC82};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27150F81-0877-42E9-AF13-55E5A3439A26};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27321538-5739-4AA1-B84C-7D18E4383F1F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27AC09EE-C20B-4BA4-8E27-F1C33D263875};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824};"Found Adware.iLookup";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A0176FE-008B-4706-90F5-BBA532A49731};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ACF3ADD-34A1-4F2F-99CF-CC69785D1E90};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2B334C22-40CA-438F-913A-61A8105C4CCD};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2BE26361-58A2-4836-BE57-B838F02FEC3F};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D38A51A-23C9-48a1-A33C-48675AA2B494};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2DC9D850-044D-11E1-B3C9-00805E499D93};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2DC9D850-144D-11E1-B3C9-10805E499D93};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E16DA2D-3194-4B72-AF4E-FD8597CFAFDC};"Found Hijacker.MorwillSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E246FAE-8420-11D9-870D-000C2917DE7F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31615D5C-5126-448A-818A-A7CDFEE85A9B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{330A77C2-C15A-43B5-055C-B4E35EAED279};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{34A12A06-48C0-420D-8F11-73552EE9631A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{364B6276-C6C1-40B6-A6D7-6C48871FD707};"Found Adware.Accoona";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{366B2151-E1C7-44A3-86A3-E5686C2A3D2F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{382ED25E-FF84-4A00-ACC4-4DDADD62DDDD};"Found Adware.CashDeluxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{392BAF48-A26A-45B5-9263-97128E429268};"Found Adware.AdBlaster";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39C78B50-7E98-4AA0-B007-D83114EA6E0F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A};"Found Trojan.Banker.q";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3BF1F86F-B1A8-489B-8D8B-43781D51411F};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3C767C6B-602D-4B9B-829D-A3DC5B2D89DD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D00A39C-655B-428B-AEB2-2FBA03DCC49C};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D782BB3-F2A5-11D3-BF4C-000000000000};"Found Adware.ActivShopper";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E290290-1728-4C1E-863A-AA12526333F6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E422F49-1566-40D3-B43D-077EF739AC32};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E4563A4-2A9B-4912-BE38-906A0CB702CC};"Found Adware.FastFind";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92};"Found Adware.Henbang";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3F2BBC05-40D
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FDE0CB5-619F-4227-8961-F2D7ED15B88E};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FE36807-69ED-45D1-B9BE-85C0E3F75B6A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7};"Found Adware.eZula";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4022F902-ABC7-4C79-924F-BB26F1D355A2};"Found Adware.Dyibar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{405132A4-5DD1-4BA8-A181-95C8D435093A};"Found Adware.VipSearcher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{408F660A-9465-44A3-B557-8709DFD992BC};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4136C3F6-7636-49BF-A122-D4DA53B1ADDF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41943050-65CC-454B-81E4-9C8A9D7CBAEA};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4233AC08-A2C4-4742-A0B4-83719613D62C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{43DB73EB-4C90-4418-B6AD-10DB22016908};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44};"Found Trojan.Small.anm";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4487598C-2EC7-43A2-870E-6D8D720FDD9F};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4508E20C-ACAD-11D2-9FC0-00550076E06F};"Found Adware.2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{46D387E9-41FC-4F71-A7C3-B0BEB3568F00};"Found Adware.DigitalNames";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4700F4B2-EB75-07EF-2853-5B264BD6E7DB};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{49256FE8-6394-4ACE-939C-22F35CA042AD};"Found Adware.ZippyLookup";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A25D449-2BAA-4426-A992-D18CA70CF5A9};"Found Trojan.Kolweb.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E};"Found Adware.NewDotNet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AA870AC-8427-42A4-B92E-ECD956197489};"Found Adware.BetterInternet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4B0485A1-C853-42F0-9018-8ACC9A8598B7};"Found Adware.MetaStop";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4D993022-0899-4599-B4B6-0F887D0802E6};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DA2EE61-6399-4C39-AEB9-0D990E610D29};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-8EEC-EF64B787BB38};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-9AFF-FD78A790AF2C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D};"Found Adware.2020Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-AB8C-E56FA49CA83A};"Found Adware.CursorZone";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C68A-8D2CF4D5FA7D};"Found Adware.SearchGuard";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4EB548E5-1FB1-4F83-B49F-A3101FE5FC97};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F4E2384-42AD-4FE4-B966-B6D50C7BF90A};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4FA2B39B-A7DA-983C-68E6-5B095A4118FD};"Found Adware.WorldAntiSpy";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4FBBDFD6-2CA9-4BBA-93E4-AADF75321BCA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4FC003C3-87A0-489C-85CD-878246EB2D18};"Found Adware.VirusBursters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5054F860-748D-4840-B7B4-DDDB428421AF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5284AC2A-EF00-4750-9B82-B5B907D26536};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{52B1DFC7-AAFC-4362-B103-868B0683C697};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56262124-6251-5625-3072-548536364311};"Found Logger.Goldun.aa";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56B60F70-057F-4150-98B1-29572DF422F0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5753791B-F607-48CA-814E-91C14D081F9E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{575A5AE9-B68E-4BEB-BACB-FE430448C654};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{57A70350-87D9-4EA2-B3AC-C1C1B5296035};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{588599F4-DE26-4C28-BA14-F4EB17E33481};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58D324EE-2062-6566-1F57-2A699079E447};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58DBCE03-FFC3-4452-AB1D-C19EE9825A50};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58F07DD3-924D-4141-BC74-299F523A95F1};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59399E33-FB54-48AB-8AE4-AE108B36DAB4};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59879FA4-4790-461C-A1CC-4EC4DE4CA483};"Found Adware.RXToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59F12660-2B92-4554-98F9-87295AD8A0CE};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5A5B6916-ED71-4531-8018-E792DD44156E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5C00AF50-9737-4A0F-B728-8F751EB85E43};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5C4F2CBC-F32D-4A03-9812-86F39379811B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CAC4E80-A015-41C8-8796-047BE272AC04};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5D0F16E6-47DF-11DA-8802-00024493948B};"Found Adware.CashDeluxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5D647E9C-6B37-4636-9A78-DADB1EB93BDF};"Found Adware.CtxPopup";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84};"Found Downloader.Agent.rs";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EDB03AF-0341-4E96-9E9B-3171522E4BAF};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5F6BBD8A-18CF-4D55-8B4C-C9B4C9328DFE};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5F938C17-FBC7-4A3C-8526-85E5B1A1F762};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6001CDF7-6F45-471B-A203-0225615E35A7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{60371670-81B9-4D06-9C42-4DEC1AABE62B};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6076D2B1-634C-4685-843B-F826045EA5DC};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{616D4040-5712-4F0F-BCF1-5C6420A99E14};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62457936-6381-6170-3572-468926792311};"Found Logger.Goldun.ed";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{631F7200-642E-11DB-BD13-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{634BE415-DA12-496B-B89E-329B73C4807F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6379A99A-9102-446C-A837-0623E1810D75};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65194BCE-CBDD-4263-3814-463926792311};"Found Logger.Goldun.h";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{654DCF3A-00ED-422E-BDA2-D7FA69261CE9};"Found Adware.EZtracks";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6570B782-1A41-4053-B2C9-12C7FCF0D84D};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6671A431-5C3D-463D-A7CF-5587F9B7E191};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67270207-B9EE-4D26-9270-860FDB060CA1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{68397934-9ABC-DEF0-0FED-FAD682644311};"Found Trojan.Goldun.E";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6A512BF7-EC78-4E8D-9841-6C02E8FA9838};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6ABF54E1-3C4A-11D8-8169-00C02623048A};"Found Adware.ezCyberSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AC3806F-8B39-4746-9C38-6B01CB7331FF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AD686B9-AB56-4EBC-A804-9F70B55B4577};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF};"Found Adware.MyTool";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AE7418B-229F-4A2C-AE1B-D5962888F02D};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BDE1669-B490-48E3-B668-456314F2D6C3};"Found Adware.DuDuAccelerator";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DA975EA-CBB4-411B-97C0-DB0A892BF2C1};"Found Trojan.Agent.dq";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782359};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782373};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782375};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782378};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782379};"Found Logger.Small.cz";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{70230839-555C-4862-8D42-BB1E2352502C};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{70305BC2-B289-4209-A344-BE21F22BC930};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{703BDF83-2C12-4D20-8BB0-106DDAB01B59};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{70AFF2CB-9DA2-499C-8D15-900729FCE83D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{716002DB-288C-4BF0-80CD-A467E78D8B55};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71D1708F-973D-4600-AF01-AD86688403AE};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{724510C3-F3C8-4FB7-879A-D99F29008A2F};"Found Hijacker.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{735E980D-45D2-4777-AF82-9923D3C8D3AE};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{746455FE-D059-47E7-AF0E-140E03F5A447};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7475D3FD-5D85-49DB-8B9B-6968467B2D80};"Found Adware.InstantBuzz";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74F25A2C-22B3-4023-8F1A-CA616C30A8B5};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{754FB7D8-B8FE-4810-B363-A788CD060F1F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{76532682-A5C9-11D8-AE07-00D0591AB78A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C};"Found Adware.SearchMaid";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78364D99-A640-4DDF-B91A-67EFF8373045};"Found Trojan.Brospy.c";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{784AA380-13F2-422E-8540-F2280F1DD4F1};"Found Adware.WorldSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78653A3E-A63F-42A9-A6FE-7524F4058767};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7891DA15-428E-11D7-BCC1-00A024831A8C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7977A6ED-C4BD-490E-8C58-AA0849CA03A4};"Found Trojan.VB.aft";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A002FB-C126-462D-B4A7-81D6B42D1666};"Found Adware.DirectIP";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3};"Found Trojan.Kolweb.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A533235-A128-434B-9F8A-9300A544D191};"Found Adware.CashdeLuxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2};"Found Adware.VipSearcher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7B55BB05-0B4D-44FD-81A6-B136188F5DEB};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7BE183D2-A42D-4915-BF60-EC86FBF002CF};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7CAF96A2-C556-460A-988E-76FC7895D284};"Found Adware.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7D435027-F646-4BF9-B2C5-0EF4940D5CA2};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7EC618F2-C506-4221-9F56-792B92BF762E};"Found Adware.DriveCleaner";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FA55359-7223-410F-BC82-EFB3E3DED07F};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FD44536-9DF0-4034-939F-5BD4D98E3187};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8037F7F0-80B6-453A-A7CB-5371A4A09BB8};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{80523A67-ABCD-CF37-3352-54DF4479BDF1};"Found Logger.Goldun.w";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{826B2228-BC09-49F2-B5F8-42CE26B1B711};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{826B2228-BC09-49F2-B5F8-42CE26B1B712};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{827DC836-DD9F-4A68-A602-5812EB50A834};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8329660F-E248-4872-98CC-FB9C4FEC7BA8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8333C319-0669-4893-A418-F56D9249FCA6};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83A5F7B7-DC75-44CE-9195-264F41709FA9};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{84B71424-B020-11D4-B198-000102C6D473};"Found Adware.SpediaSurf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1};"Found Adware.LinkMaker";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85E517D1-1B6B-4662-AF6E-4B9738091DCC};"Found Adware.FastSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{860C2F6B-CA82-4282-9187-BECCBB66F0AF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8670EE50-01F9-47DA-AC1E-CF8549E9E521};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87185E78-A61B-4DB3-965A-3235BBD7A622};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{873EB32D-AE1A-4183-89BD-45A77F761BE4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{874443FE-AA33-4EBF-A6AC-73208787E62D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88CC91DE-5930-45AD-9E04-6B1233609FEA};"Found Adware.Appoli";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A406068-D45C-40B9-A096-38AC717FB608};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22};"Found Adware.LinkMaker";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C56B6CE-C53F-44C4-9BDC-A9BC1711D05A};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8CC5CF9F-B05E-49A8-9540-DD8EAD0A8912};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D82BB89-B58C-4F21-9C5D-377F65947806};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8C2387-7F80-4022-9BE6-43630A969558};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DBF02DA-4360-4A7E-BEA1-347B87816327};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26};"Found Trojan.Conhook.c";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8EE6BF73-B370-4D13-9126-EB0071178F2E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{92617934-9ABC-DEF0-0FED-FAD682644311};"Found Trojan.Goldun.q";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{92E1B3F7-0546-421E-9835-904D25B7BA66};"Found Adware.VisuaExplorer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93C6313C-9DB4-4694-8BD0-E378C573A9AD};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93CECBB2-6B1B-448D-91B9-72604EF70105};"Found Adware.180Solutions";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{941CA48C-3984-4E7D-AAF8-8755ED76EB50};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{943B96A4-9BF6-42FE-8D0B-4BCA71C3632F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{944864A5-3916-46E2-96A9-A2E84F3F1208};"Found Adware.Accoona";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{950238FB-C706-4791-8674-4D429F85897E};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{951A98D0-DAD6-4A77-8280-A494279A884B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{957BAB51-81FF-8195-F273-D7E286EA702F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95C60327-8E17-44D6-98EB-7EB70CC606DD};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{97F56E12-C706-4AEB-9FFB-133C05EE5D38};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98640C3B-0699-4D51-ADB4-A6FC48ACB966};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99A753C6-E429-46BD-989E-DD4A21CD059D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A4B860B-B18E-4AFE-9B26-2A19268EB6BE};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9BB7E700-4E48-476D-B75C-6F47606BE988};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C5875B8-93F3-429D-FF34-660B206D897A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CC1C589-4B22-4DAE-8E12-4C3B5FA12B3F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9D635A36-6B3C-4146-8625-F3AAF507BBF8};"Found Adware.Genericr";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9D9A7350-46C9-4E3C-92EF-382B5740A1C3};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E87077C-380C-407D-8DAB-EEDAD95C0A5D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A19EF336-01D4-48E6-926A-FE7E1C747AED};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2595F37-48D0-46A1-9B51-478591A97764};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A43385F0-7113-496D-96D7-B9B550E3FCCA};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A509347C-461D-D47A-686D-852C0B1D26EE};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A646CE7E-951E-44D1-B93C-F7136DA41E58};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A69B7D98-9DAC-21C6-7ADB-7FF21D28CEC1};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A749B4BC-7621-4A80-9220-D0A283367DD5};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A833AB67-7368-457E-B8BF-249CCD8DDD14};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A853979C-2A9A-4ACB-8975-5740A7E26CB4};"Found Trojan.Agent.if";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8B28872-3324-4CD2-8AA3-7D555C872D96};"Found Adware.Softomate";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA};"Found Adware.DeluxeCommunications";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AB340860-FD81-4A65-B345-82EB77A66B5E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D};"Found Adware.7000n";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1};"Found Adware.Henbang";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AED6F6A3-183C-488D-9F90-23DB99F56E7F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF4FD984-A939-4C32-82B2-8BAE7ABE9AEC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0DED443-5E68-4001-A81B-0A0001621AB8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B166BE07-30A4-4D38-B781-44528A630706};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B212D577-05B7-4963-911E-4A8588160DFA};"Found Trojan.Delf.nj";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B23DC537-3E13-44C7-BF67-D8405EB377F7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2A3156E-3332-4B47-AF5A-5B121503514F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B313D637-F405-4052-AC37-E2119AB3C8F8};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B5141620-C2B2-4D95-9F0F-134D99C87AB0};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B53455DB-5527-4041-AC41-F86E6947AA47};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B54BFA47-D897-49CA-9657-05EC9F80A32B};"Found Adware.QuickMetaSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B59F3BA4-98DA-4B5F-8A2D-7B56FB11140B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B5F3970B-745E-46AC-B890-E08F69777D80};"Found Adware.Searchforit";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8B55274-0F9A-41E5-9067-A3539BD9E860};"Found Trojan.Agent.dj";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8D60EBB-5565-4392-957B-7164BA087AD4};"Found Adware.InstantBuzz";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA94F81E-99FC-40E1-824C-BAA00B575F4A};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB54DE33-E539-4749-BFAC-CC49617E8F2A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBD3E11-D201-46C9-8471-091D33159287};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408};"Found Adware.Able2know";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBFF9532-5340-11D8-B39A-000D5610942E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD0FC212-0A36-4232-83CC-2063FB9282E0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD2E165D-1BC6-23AA-345B-1C234F173CBD};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C15DFCFB-3D1C-4E50-AAC7-037B016B95F7};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C3703265-4671-4858-92A4-CBA6A7B3BB45};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C370527A-24A7-4583-BE01-72E59000EB17};"Found Adware.AFAEnhance";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C4C4786C-9861-46D2-BB63-AC782AB07046};"Found Adware.DriveCleaner";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C4F147D7-BF25-488E-A12B-EFD43E7029BF};"Found Adware.VisuaExplorer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5531D07-22C2-418B-85B9-D829AF1498B0};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5AF2622-8C75-4DFB-9693-23AB7686A456};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C61A70F3-505E-4B90-916F-627A8706B4BC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C7CF1142-0785-4B12-A280-B64681E4D45E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C833A552-F5AF-4A7B-87B3-6EBDE0DB3B43};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C89BB48C-15D9-4F4F-803E-95D90F62BE62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C9FD0FB1-0121-4FBF-9B54-DBA85F34D743};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA356D79-679B-4B4C-8E49-5AF97014F4C1};"Found Adware.Starware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CC924BD1-7382-4619-A706-070CB00F2325};"Found Adware.SpywareWall";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CCAABCDD-7C16-4215-B12E-150BFB994CF0};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CCFB2B33-F4DB-B63D-ABDC-C7384ED93B34};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDB280E8-BE43-4128-8A5A-3FCD094E2D88};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDE9EB54-A08E-4570-B748-13F5DDB5781C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE70731D-F28D-4D81-9D61-C8EE60378401};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-0BED-709549C10020};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-71766C641316};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-71766C645750};"Found Trojan.Agent.gg";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-717765721306};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF490793-3A68-4931-9C10-A29A856D36F3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708};"Found Adware.SpyLocked";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1AC752E-883F-4ED8-8828-B618C3A72152};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D49E9D35-254C-4C6A-9D17-95018D228FF5};"Found Adware.Starware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4D5C535-BA95-4327-870D-A33826FDD17A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5EFDB0E-4F51-414F-B740-54A5C87A8957};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D6D64CDF-0363-4261-B723-29A3AF365E1D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7058BAA-49A4-40B7-95C2-EEC95CDF51F3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7950AB4-67F5-458E-A37D-9F2DE7F250AC};"Found Adware.NetRevenueStream";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BDD42A-7E69-4BB8-AAC3-D76FF65A3AA3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7CC80D4-376C-4586-B023-4F35C2CEB28E};"Found Adware.Softomate";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7E588AB-A5D9-4422-B313-22A3470F9700};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7FFD784-5276-42D1-887B-00267870A4C7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38};"Found Adware.Softomate";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB};"Found Downloader.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA3B49F6-8C54-4429-A275-21A86DCCA413};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DAA873D4-958C-453C-81CA-3FE6F3676A87};"Found Downloader.Fugif";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DC8240DF-E60D-4193-B984-5111847DC7E6};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DE23A040-D6AA-43CA-9B86-D9BE3DAA6FE7};"Found Trojan.KillAV.F";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DF56F9D5-EF50-400D-B616-6EEB7AE63C55};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DFA61DB1-388E-4C87-8D56-540FA229BCB4};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E0103CD4-D1CE-411A-B75B-4FEC072867F4};"Found Trojan.Puper.ac";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E0767047-9D25-4A3A-B905-852CDA087E86};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E10959A2-8862-4582-973A-05BDAF4E0FE9};"Found Adware.ezSearching";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E1412445-4FF8-410E-8D24-F2CF86B171A4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E14DCE67-8FB7-4721-8149-179BAA4D792C};"Found Trojan.Ciadoor.m";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E175D136-4566-4C0B-B91C-848A899A691F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3A729DA-EABC-DF50-1842-DFD682644311};"Found Trojan.Lespy.a";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E52DEDBB-D168-4BDB-B229-C48160800E81};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6ADAAF0-79B2-4CF1-A660-50A0B33991A1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7296F98-6668-419C-AE1D-04ED641E7C3E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E944D14A-03AA-43E3-9D0E-4F50C4D1B005};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA038DDD-0FE0-41F5-BA60-FC3660529E71};"Found Adware.Ad-Protect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E};"Found Adware.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDE8BED5-92CF-4482-8F51-A01CD9B3EA37};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDF78E1B-31A2-4C6E-AD40-0AFCD0D55263};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE5C363D-7627-4F21-98AE-4CBCC1DBD650};"Found Trojan.Delf.lb";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.IEHlpr";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE86F11E-08FB-4B20-B175-7726C63DF9E9};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEBA788A-C268-492A-B7FE-42C2B6C553D4};"Found Adware.FastFind";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6};"Found Trojan.CWSMeup.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFDAC3FE-F44A-4030-8589-1E23BC6573D5};"Found Hijacker.Morwillsearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F007E221-018D-4BAF-924A-B0E9092F3853};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2EFA195-4785-4DB1-9316-B48C64BB71DA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F31AEE4A-1530-4FEF-8537-79C6973BFF9A};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F38696FC-7143-4B0A-9052-A7A96E398D11};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F43BD772-ABDD-43B7-A96A-3E9E61946EC0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F452FA15-98C9-BD51-AC62-418E0C391EC0};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4D74AAA-A178-4463-846B-B4BC87A024E0};"Found Adware.Generic";"Potentially dangerous object"
Heatheremmadaddy1000
2008-06-19, 07:07
There is more but it wouldnt let me post it.
Thanks for the help so far.
Just to let you know about where I live, I live in the Vancouver, British Columbia, Canada area.
You might know it as the site for the 2010 Winter Olympics
Here is webcam site of our city:
http://www.vancouver.com/webcam/
http://www.westinbayshore.com/cam/?EM=SOP_OMA_WEBCAM_WI_1080_CAN
pskelley
2008-06-19, 15:01
Thanks for returning your information and the webcam links, added to my collection and I will enjoy those.
Looking down the list of the stuff AVG 8 found, be sure you quarantined the junk. I run AVG 8 on two computers and since a few mistakes have been made as the new program is fine tuned, I leave them in the vault for a week or so then empty the vault.
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing) G
This item is still in the HJT log, do you have any idea why it is there? I did post instructions for Disabling the Service and if they were followed the Service should no longer be showing in the HJT log?
If you do not know why it is running on your computer, here are instructions for removing it:
Disable the Service
Click Start > Run and type services.msc
Scroll down to Windows Image Acquisition and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
Delete the Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type (WIA) and press OK.
OK any prompts, close HijackThis, and restart your computer.
I see infected System Restore files in the AVG scan and AVG cannot clean those protected Windows files. Let's see if we can get this scan to run:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.
Then post it here.
Thanks
Heatheremmadaddy1000
2008-06-19, 19:07
I have followed everything you told me to so far including this part
"O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing) G
This item is still in the HJT log, do you have any idea why it is there? I did post instructions for Disabling the Service and if they were followed the Service should no longer be showing in the HJT log?
If you do not know why it is running on your computer, here are instructions for removing it:
Disable the Service
Click Start > Run and type services.msc
Scroll down to Windows Image Acquisition and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
Delete the Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type (WIA) and press OK.
OK any prompts, close HijackThis, and restart your computer."
It wont let me remove it from the computer, not even in HJT I have tried a couple of times. I cant try anything else till tonight after work. I will run the other program and post the logs then
Peter
Heatheremmadaddy1000
2008-06-20, 04:50
Here is the report from Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 19, 2008 15:17:52
Records in database: 879503
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 51437
Threat name: 2
Infected objects: 1
Suspicious objects: 1
Duration of the scan: 01:48:27
File name / Threat name / Threats count
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{4DCCD912-1273-4821-8A07-68C9501D2AC9}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ypcvbraj.dll.vir Infected: Trojan.Win32.Agent.rwi 1
The selected area was scanned.
pskelley
2008-06-20, 14:00
Let's looks at the KOS first:
KASPERSKY ONLINE SCANNER 7 REPORT Thursday, June 19, 2008
(delete this infected email)
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{4DCCD912-1273-4821-8A07-68C9501D2AC9}\Microsoft\Outlook Express\Deleted Items.dbx <------Trojan-Spy.HTML.Fraud.gen 1
(we will wait on the combofix quarantine and remove it a bit later)
C:\QooBox\Quarantine\C\WINDOWS\system32\ypcvbraj.dll.vir ------> Trojan.Win32.Agent.rwi 1
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O23 - Service: Windows Image Acquisition (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Restart and post a new HJT log after the above is done.
I need to know how this computer is running now, any malware issues?
Thanks
Heatheremmadaddy1000
2008-06-20, 16:35
There doesnt seem to be any malware issues now, it seems to be running a lot faster than before, it is also responsive now.
Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:36 AM, on 06/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130106900953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: rqRIcbCS - rqRIcbCS.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6715 bytes
pskelley
2008-06-20, 17:36
Thanks for the HJT log and the feedback, the log looks good except for this dead line, use HJT to remove it:
O20 - Winlogon Notify: rqRIcbCS - rqRIcbCS.dll (file missing)
This is the next bridge we must cross before we can finish up:
I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.
Since we do not need to scan with combofix, click NO
http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif
http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif
Thanks...Phil
Heatheremmadaddy1000
2008-06-20, 18:43
Thanks I will post these logs tonight after work and I guess you will see them in the morning tomorrow.
Thanks
Peter
Heatheremmadaddy1000
2008-06-21, 04:08
Here ia the log of CF-RC:
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Thanks
Peter
pskelley
2008-06-21, 16:01
Good job installing Recovery Console:bigthumb: might come in real handy one day, here is some info from Microsoft:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
Let's remove combofix from your computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Make sure System Restore files are clean like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Let's take a last look with MBAM:
Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Let me know how the computer is running at that point.
Thanks
Heatheremmadaddy1000
2008-06-21, 19:14
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:25 AM, on 06/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130106900953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6652 bytes
Here is MBAM log:
Malwarebytes' Anti-Malware 1.18
Database version: 874
9:17:48 AM 06/21/2008
mbam-log-6-21-2008 (09-17-48).txt
Scan type: Full Scan
Objects scanned: 40010
Time elapsed: 28 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
pskelley
2008-06-21, 19:38
Let me know how the computer is running at that point.
Everything looks good, I suggest you consider upgrading to Internet Explorer 7 if only for the additional security it provides:
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
Heatheremmadaddy1000
2008-06-22, 00:03
Sorry, the machine is runing smoothly nhow, no problems at all except being old. But dont we all have that problem.:)
Thanks for all the help
Peter
pskelley
2008-06-22, 12:37
Hi Peter, as a volunteer I have time constraints for one thing, for another there are members waiting for help that no one has been able to get to yet. I can not say which volunteer will be available for your new topic or when, but they are all qualified. You should review the directions:
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
Then click the "New Thread" button near the top on the left and post your new HJT log and any other information required in the instructions.
I will move this HJT log from this topic.
Thanks...Phil