would greatly appreciate your help

Australian Maid · Apr 24, 2008

Dear Team
I am using a relatives computer which is on broadband and yet it is 10 times slower than my dial up.
Spybot S&D found 8 items
Adarew SE found 122 items, I deleted these a few weeks ago but they are back again. I see they have limewire P2P and have told them it has to come off the computer but I have left it there for now.

I have been through the 5 step process, but the Panda scan would not work 3 days in a row. When the scan completes and I press the update button, it just keeps returning an error and won't finish or give me a log.

I would also like to get rid of Norton from this computer and use AVG and Zone alarm, but so far have not touch this as I will wait for instructions from you guys as I am not sure how to completely uninstall Norton.

Here is the log from DSS:

Deckard's System Scanner v20071014.68
Run by Antonio on 2008-04-24 10:50:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
86: 2008-04-24 00:51:02 UTC - RP356 - Deckard's System Scanner Restore Point
85: 2008-04-24 00:33:17 UTC - RP355 - Software Distribution Service 3.0
84: 2008-04-23 10:28:55 UTC - RP354 - System Checkpoint
83: 2008-04-22 08:24:00 UTC - RP353 - System Checkpoint
82: 2008-04-21 08:09:46 UTC - RP352 - Installed A+ Portuguese

-- First Restore Point --
1: 2008-01-25 19:55:06 UTC - RP271 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-24 10:52:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\21cn\VGO\Clt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Antonio\Desktop\Spyware removal programs\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: VGOIEBHO Helper - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - C:\Program Files\21cn\VGO\VGOIEBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VGO Live] C:\Program Files\21cn\VGO\vgo.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...t.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183062554892
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10352 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&36B16CB7&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&36B16CB7&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 08:03:38 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-28 11:54:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-06-29 13:16:54 144 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job

-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-24 09:46:53 0 d-------- C:\ie-spyad_zo
2008-04-24 09:12:48 0 d-------- C:\Program Files\SpywareBlaster
2008-04-23 20:36:55 0 d-------- C:\Program Files\Panda Security

-- Find3M Report ---------------------------------------------------------------

2008-04-22 15:42:29 0 d-------- C:\Program Files\Norton 360
2008-04-21 18:09:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 15:38:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-21 04:46:38 0 d-------- C:\Program Files\Java
2008-02-28 17:51:24 0 d-------- C:\Program Files\Championship Manager 01-02
2008-02-27 17:46:24 0 d-------- C:\Program Files\PPLive
2008-02-27 10:40:43 0 d-------- C:\Documents and Settings\Antonio\Application Data\LimeWire
2008-02-26 22:27:32 0 d-------- C:\Program Files\Lavasoft
2008-02-26 22:26:55 0 d-------- C:\Program Files\Common Files
2008-02-26 22:26:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [21/06/2005 04:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [21/06/2005 04:44 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 03:25 AM]
"RemoteControl"="C:\Program Files\CyberLink PowerDVD\PDVDServ.exe" [02/11/2004 08:24 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [15/03/2007 01:10 PM]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [08/05/2003 11:34 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 06:20 PM]
"VX1000"="C:\WINDOWS\vVX1000.exe" [06/12/2006 09:38 AM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [13/01/2007 11:48 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 07:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 05:36 PM]
"VGO Live"="C:\Program Files\21cn\VGO\vgo.exe" [13/11/2007 12:35 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 04:38 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/08/2004 12:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/09/2007 07:42 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^slots_gowest.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\slots_gowest.lnk
backup=C:\WINDOWS\pss\slots_gowest.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Game Service]
C:\PROGRA~1\ubi.com\Core\GS4.exe

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2008-04-24 10:54:04 ------------

Thank you guys, you are invaluable, and I appreciate your time and effort.
Regards
Deb

greyknight17 · Apr 25, 2008

Hi Deb and welcome to TSF.

They also have a program called VSO that's also a file sharing program...

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Australian Maid · Apr 27, 2008

Dear Team
I have completed the log which is posted below.
I could not find an easy way to disable Norton 360 so I uninstalled it,
and installed AVG and Zone Alarm to compensate. I want to get rid of Norton anyway. There is also now a problem receiving emails with Microsoft Outlook (not Outlook Express). I have also uninstalled a program called VGO which is a program that allows you to view soccer matches from around the world- so I am told. I has never worked properly so I uninstalled it for them, but it is still there on the log.

Thanks again
Deb

ComboFix 08-04-22.5 - Antonio 2008-04-27 9:54:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.443 [GMT 10:00]
Running from: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 09:59 . 2008-04-27 09:57 499,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-26 09:59 . 2008-04-26 23:03 5,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-26 09:58 . 2008-04-26 09:58 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-26 09:55 . 2008-04-26 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-26 09:54 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-26 09:54 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-26 09:54 . 2008-04-26 09:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-26 09:53 . 2008-04-26 09:53 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-26 09:52 . 2008-04-27 09:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-25 20:53 . 2008-04-26 17:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-25 19:45 . 2008-04-27 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-25 19:45 . 2008-04-25 20:59 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\AVGTOOLBAR
2008-04-25 19:45 . 2008-04-25 19:45 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-25 19:45 . 2008-04-25 19:45 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 19:44 . 2008-04-25 19:44 <DIR> d-------- C:\Program Files\AVG
2008-04-25 19:44 . 2008-04-25 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-25 19:08 . 2008-04-25 19:08 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-04-24 10:50 . 2008-04-24 10:50 <DIR> d-------- C:\Deckard
2008-04-24 09:46 . 2008-04-24 09:46 <DIR> d-------- C:\ie-spyad_zo
2008-04-24 09:12 . 2008-04-24 09:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-24 09:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-23 20:36 . 2008-04-23 20:36 <DIR> d-------- C:\Program Files\Panda Security
2008-04-06 11:05 . 2008-04-06 11:05 244 --ah----- C:\sqmnoopt07.sqm
2008-04-06 11:05 . 2008-04-06 11:05 232 --ah----- C:\sqmdata07.sqm
2008-04-06 11:04 . 2008-04-06 11:04 244 --ah----- C:\sqmnoopt06.sqm
2008-04-06 11:04 . 2008-04-06 11:04 232 --ah----- C:\sqmdata06.sqm
2008-04-06 11:03 . 2008-04-06 11:03 244 --ah----- C:\sqmnoopt05.sqm
2008-04-06 11:03 . 2008-04-06 11:03 232 --ah----- C:\sqmdata05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 09:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-25 09:08 --------- d-----w C:\Program Files\Symantec
2008-04-25 09:08 --------- d-----w C:\Program Files\Norton 360
2008-04-25 00:20 --------- d-----w C:\Documents and Settings\Antonio\Application Data\LimeWire
2008-04-21 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-02 11:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-20 18:46 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:51 --------- d-----w C:\Program Files\Championship Manager 01-02
2008-02-27 07:46 --------- d-----w C:\Program Files\PPLive
2008-02-27 01:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 12:27 --------- d-----w C:\Program Files\Lavasoft
2008-02-26 12:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-26_11.09.14.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 23:59:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 19:56:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-25 19:45 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-26 09:58 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-25 19:45 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-26 09:58 262144]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-25 19:45 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-26 09:58 262144]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PGF Files]
@={8A42DFBF-7868-4029-958C-60E51AE0578B}

[HKEY_CLASSES_ROOT\CLSID\{8A42DFBF-7868-4029-958C-60E51AE0578B}]
2007-09-12 18:43 253096 --a------ c:\documents and settings\antonio\application data\ppstream\bin\1.0.0.2\vodrc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-21 07:42 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"RemoteControl"="C:\Program Files\CyberLink PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 11:34 69632]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 09:38 707360]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 11:48 275800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 19:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 17:36 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 16:38 583048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 19:44 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^slots_gowest.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\slots_gowest.lnk
backup=C:\WINDOWS\pss\slots_gowest.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Game Service]
--a------ 2005-06-07 11:24 393287 C:\PROGRA~1\ubi.com\Core\GS4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGO Live]
--a------ 2007-11-13 12:35 65536 C:\Program Files\21cn\VGO\vgo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\21cn\\VGO\\Clt.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 19:45]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 19:44]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 08:13]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 09:39]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 01:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-29 03:16:54 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- D:\setup.exe
"2008-04-26 19:59:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 09:58:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-04-27 9:59:34
ComboFix-quarantined-files.txt 2008-04-26 23:59:24
ComboFix2.txt 2008-04-26 01:09:56
ComboFix3.txt 2008-04-25 09:22:29

Pre-Run: 233,287,704,576 bytes free
Post-Run: 233,281,589,248 bytes free

169 --- E O F --- 2008-04-24 21:36:40

greyknight17 · Apr 27, 2008

Norton still have remnants left behind there. Try running the Norton Removal Tool to see if it can remove the rest of it there.

What problems is outlook having?

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\slots_gowest.lnk
C:\WINDOWS\pss\slots_gowest.lnkCommon Startup
Folder::
C:\Program Files\21cn\
C:\WINDOWS\pss\slots_gowest.lnkCommon Startup
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^slots_gowest.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGO Live]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?

Australian Maid · Apr 27, 2008

Sorry greyknight I ran the combofix scan after dropping the notepad text into it, but I had not yet used the norton removal tool, so I ran it again after I used the removal tool.
The computer seems to be running better, but having problems with Microsoft Outlook. It says there are 9 messages totalling 216kb, but it stalls at 23 kb and we can't get the emails.
Also AVG scan took almost 2 hours to complete and says it scanned 780,000 items ( I thought this was way too may items for this computer as they don't seem to have much on it). The report log for AVG says there are multiple instances of Loggers, Hijackers, Downloaders, Trojans, and lots of adware and cookies. I saved an excel report of that in case you need to look. As I say, it only reported these things, it did not give me an option to remove them or move them to the vault.
Thanks again
Deb

ComboFix 08-04-22.5 - Antonio 2008-04-27 19:06:32.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.419 [GMT 10:00]
Running from: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-26 09:59 . 2008-04-27 19:10 1,863,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-26 09:59 . 2008-04-27 17:55 22,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-26 09:58 . 2008-04-26 09:58 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-26 09:55 . 2008-04-26 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-26 09:54 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-26 09:54 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-26 09:54 . 2008-04-26 09:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-26 09:53 . 2008-04-26 09:53 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-26 09:52 . 2008-04-27 19:04 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-25 20:53 . 2008-04-26 17:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-25 19:45 . 2008-04-27 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-25 19:45 . 2008-04-25 20:59 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\AVGTOOLBAR
2008-04-25 19:45 . 2008-04-25 19:45 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-25 19:45 . 2008-04-25 19:45 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 19:44 . 2008-04-25 19:44 <DIR> d-------- C:\Program Files\AVG
2008-04-25 19:44 . 2008-04-25 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-25 19:08 . 2008-04-25 19:08 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-04-24 10:50 . 2008-04-24 10:50 <DIR> d-------- C:\Deckard
2008-04-24 09:46 . 2008-04-24 09:46 <DIR> d-------- C:\ie-spyad_zo
2008-04-24 09:12 . 2008-04-24 09:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-24 09:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-23 20:36 . 2008-04-23 20:36 <DIR> d-------- C:\Program Files\Panda Security
2008-04-06 11:05 . 2008-04-06 11:05 244 --ah----- C:\sqmnoopt07.sqm
2008-04-06 11:05 . 2008-04-06 11:05 232 --ah----- C:\sqmdata07.sqm
2008-04-06 11:04 . 2008-04-06 11:04 244 --ah----- C:\sqmnoopt06.sqm
2008-04-06 11:04 . 2008-04-06 11:04 232 --ah----- C:\sqmdata06.sqm
2008-04-06 11:03 . 2008-04-06 11:03 244 --ah----- C:\sqmnoopt05.sqm
2008-04-06 11:03 . 2008-04-06 11:03 232 --ah----- C:\sqmdata05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 07:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 09:08 --------- d-----w C:\Program Files\Norton 360
2008-04-25 00:20 --------- d-----w C:\Documents and Settings\Antonio\Application Data\LimeWire
2008-04-21 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-02 11:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-20 18:46 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:51 --------- d-----w C:\Program Files\Championship Manager 01-02
2008-02-27 07:46 --------- d-----w C:\Program Files\PPLive
2008-02-27 01:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-26_11.09.14.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 23:59:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 07:56:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-25 19:45 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-26 09:58 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-25 19:45 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-26 09:58 262144]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-25 19:45 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-26 09:58 262144]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PGF Files]
@={8A42DFBF-7868-4029-958C-60E51AE0578B}

[HKEY_CLASSES_ROOT\CLSID\{8A42DFBF-7868-4029-958C-60E51AE0578B}]
2007-09-12 18:43 253096 --a------ c:\documents and settings\antonio\application data\ppstream\bin\1.0.0.2\vodrc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-21 07:42 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"RemoteControl"="C:\Program Files\CyberLink PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 11:34 69632]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 09:38 707360]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 11:48 275800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 19:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 17:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 19:44 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Game Service]
--a------ 2005-06-07 11:24 393287 C:\PROGRA~1\ubi.com\Core\GS4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 19:45]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 19:44]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 08:13]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 09:39]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 01:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-29 03:16:54 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- D:\setup.exe
"2008-04-27 08:00:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 19:10:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-04-27 19:11:39
ComboFix-quarantined-files.txt 2008-04-27 09:11:27
ComboFix2.txt 2008-04-27 06:47:08
ComboFix3.txt 2008-04-26 23:59:35
ComboFix4.txt 2008-04-26 01:09:56
ComboFix5.txt 2008-04-25 09:22:29

Pre-Run: 233,506,500,608 bytes free
Post-Run: 233,513,332,736 bytes free

160 --- E O F --- 2008-04-24 21:36:40

greyknight17 · Apr 27, 2008

Try deleting these folders (if still found):

C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Norton 360

Post the AVG log here.

Australian Maid · Apr 27, 2008

Thanks Again,
Have fouind and deleted all three folders that you requested.
Here is the avg log:

Scan "Scheduled scan" was finished.
Infections found:;"0"
Infected objects removed or healed;"0"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"284"
Information count:;"0"
Scan started:;"Sunday, 27 April 2008, 10:00:01 AM"
Total object scanned:;"782118"
Time needed:;"1 hour(s) 59 minute(s) 17 second(s) "
Errors encountered:;"0"

Warnings
File;"Infection";"Result"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1};"Found Adware.InternetOptimizer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000049-8F91-4D9C-9573-F016E7626484};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00110011-4B0B-44D5-9718-90C88817369B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{002AF282-E42D-4B51-9F70-F1570C02FAAD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00C9C6A4-1889-46BC-B73A-F4DDCC042735};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441};"Found Downloader.ConHook.l";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01E69986-A054-4C52-ABE8-EF63DF1C5211};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01EB5130-FC0C-4d75-B9CE-4801B1B854F5};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{037CE595-57CB-4EB5-9775-97BC112F3BB3};"Found Trojan.Bomka";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06EECACB-F7C6-4ab9-B6AE-2DC4ED4588BB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{086AE192-23A6-48D6-96EC-715F53797E85};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{08A312BB-5409-49FC-9347-54BB7D069AC6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0A51FD8D-6835-4212-B796-AFC24F4D108A};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D4C7057-EAD2-44C6-AD18-9092905F28F1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555};"Found Adware.Casino";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11904CE8-632A-4856-A7CC-00B33FE71BD8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6};"Found Adware.Shorty";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13146842-6251-5625-3072-548536364311};"Found Logger.Goldun.an";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13589181-4F0D-4553-B9F8-B4B72172C139};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{150FA160-130D-451F-B863-B655061432BA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16DF666F-BA95-4F41-B396-1381C2BA66F4};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{18F57D30-EF36-4C0E-9343-7BFA6DF79B4A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C4DA27D-4D52-4465-A089-98E01BB725CA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C78AB3F-A857-482e-80C0-3A1E5238A565};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CA480CD-C0E5-4548-874E-B85B17905B3A};"Found Trojan.Zlob.f";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E6CE4CD-161B-4847-B8BF-E2EF72299D69};"Found Logger.Sters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20929603-21DB-477C-BA6F-0B8E70B3C8A0};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB};"Found Adware.Begin2search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2305D8B7-B649-4C65-BA03-4C8B05213E1A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2353FCBC-012D-487B-8BF3-865C0929FBEB};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2513A321-CB50-4C5F-91C5-80342AFACFB1};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{25E1A054-1262-459F-9F14-BF06148F4253};"Found Trojan.Bomka";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{28DFFB3C-A6C2-481B-B8D7-AD205DECBA6E};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A7372BA-656A-409A-B76D-F2B2B2DC6B1F};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D38A51A-23C9-48a1-A33C-48675AA2B494};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E246FAE-8420-11D9-870D-000C2917DE7F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3050F4D8-6D62-11CE-AF61-013309406392};"Found Trojan.BindFil.g";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3050F4D8-6D62-11CE-AF61-E13309406392};"Found Trojan.ZMark.a";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31615D5C-5126-448A-818A-A7CDFEE85A9B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{325338F0-AED0-45f6-A0DA-B5B09E6A07ED};"Found Adware.SavingsHound";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{364B6276-C6C1-40B6-A6D7-6C48871FD707};"Found Adware.Accoona";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{366B2151-E1C7-44a3-86A3-E5686C2A3D2F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39C78B50-7E98-4aa0-B007-D83114EA6E0F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39D3264A-0031-49DB-860D-37647ACCB78A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39F25B12-74FF-4079-A51F-1D70F5B08B84};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3BF1F86F-B1A8-489B-8D8B-43781D51411F};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D782BB3-F2A5-11D3-BF4C-000000000000};"Found Adware.ActivShopper";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FE36807-69ED-45D1-B9BE-85C0E3F75B6A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4136C3F6-7636-49bf-A122-D4DA53B1ADDF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4145B998-6511-46de-A873-FD1DBD053164};"Found Adware.SurfComp";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41ED67C9-2734-4094-AD92-32F9EFEB5CC7};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{426F81A5-0B8C-4948-8115-11606FD3F389};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{429E4B60-3CEC-43C3-A53B-501C25F7F5FD};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44};"Found Trojan.Small.anm";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4734044C-7427-43D8-ADBE-DF942E52BEF2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E};"Found Adware.NewDotNet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A85F02A-CCD3-4E96-9BB1-7ACE7D0B9C23};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AA870AC-8427-42a4-B92E-ECD956197489};"Found Adware.BetterInternet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C};"Found Adware.NewDotNet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C1F2-F063A09BB32A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-DEFF-ED65A486AA28};"Found Adware.UpSpiralBar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5054F860-748D-4840-B7B4-DDDB428421AF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5240864B-FDFE-4563-3514-463926792311};"Found Logger.Goldun.ac";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{52B1DFC7-AAFC-4362-B103-868B0683C697};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5345A7A9-805A-4923-B505-86B2FEBA3FE0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56262124-6251-5625-3072-548536364311};"Found Logger.Goldun.aa";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5753791B-F607-48CA-814E-91C14D081F9E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84};"Found Downloader.Agent.rs";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5FCA4D4F-CBDD-4263-3814-463926792311};"Found Logger.Goldun.ae";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{61468245-A343-CF27-3452-44DF4679BDF1};"Found Trojan.Goldun.v";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62457936-6381-6170-3572-468926792311};"Found Logger.Goldun.ed";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65194BCE-CBDD-4263-3814-463926792311};"Found Logger.Goldun.h";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{659E147E-BD03-4605-988C-AA6D7EA497CA};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65E9801C-0472-47F9-85A0-8442D47A82B0};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6B035665-6C0D-4388-AD11-B28314DCA59B};"Found Adware.EZ-Tracks";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DA975EA-CBB4-411B-97C0-DB0A892BF2C1};"Found Trojan.Agent.dq";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782373};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782375};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782378};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E2CE423-B3F7-4DCC-ACF3-8671CC20BFCF};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6EEB621D-02F7-4EE6-B889-C6218BFCFEA8};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6F3F8C08-2506-4CD0-B1A9-E4A83383CBBB};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{724510C3-F3C8-4FB7-879A-D99F29008A2F};"Found Hijacker.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{736b5468-bdad-41be-92d0-22ae2ddf7bcb};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74CC49F7-EB32-4A08-B204-948962A6E3DB};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7507739F-BC2E-4DC3-B233-816783C25DC9};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7697DB96-5DA3-44F2-BC97-AD35E5F4CEDC};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C};"Found Adware.SearchMaid";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{780916B6-00F4-484C-8AF7-A69CEAE0736B};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78653A3E-A63F-42A9-A6FE-7524F4058767};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A002FB-C126-462D-B4A7-81D6B42D1666};"Found Adware.DirectIP";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3};"Found Trojan.Kolweb.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7BF451AC-2010-4804-B256-DB2F0A8D9EB6};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7E093FD0-5372-4FD5-9C7B-875668B4CDB2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FC91C90-8256-4868-B4B1-DACDDC9A4546};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FD44536-9DF0-4034-939F-5BD4D98E3187};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{804DB5C7-31E6-4885-850A-F1941B58A4C7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{80D484FE-0AA1-4D80-9FF2-5B196084E051};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{811ABD55-9D94-4892-AB46-11D7DA29B8AE};"Found Downloader.Small.ain";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{826B2228-BC09-49F2-B5F8-42CE26B1B712};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{827DC836-DD9F-4A68-A602-5812EB50A834};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8333C319-0669-4893-A418-F56D9249FCA6};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83A5F7B7-DC75-44CE-9195-264F41709FA9};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{84695FD5-A8A8-11D8-978E-005022E14DE2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85597C9D-3994-4B7F-8CE3-515E632297A1};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{86059629-45EE-4AA6-A994-672B68AC8B44};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87185E78-A61B-4DB3-965A-3235BBD7A622};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{873EB32D-AE1A-4183-89BD-45A77F761BE4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88C9975E-3995-4C53-BB17-B893F278049A};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88CC91DE-5930-45AD-9E04-6B1233609FEA};"Found Adware.Appoli";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D758A3-D33B-45FD-91E3-67749B4057FA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88DE3E1B-3D01-4032-9BAE-FD1994A3D7B8};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B309141-83A9-4C92-BCBE-2ADA24058DF0};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DBF02DA-4360-4A7E-BEA1-347B87816327};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26};"Found Trojan.Conhook.c";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9068A414-3AF9-4F79-AF1C-E6EA415BAF52};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9148C6A5-5F1A-41EC-B3C2-883FA9F2CBAC};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93C6313C-9DB4-4694-8BD0-E378C573A9AD};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98A7C97A-4FFF-4F6E-A313-D21BC759DD99};"Found Adware.SearchIT";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E69A5DE-24D3-4D3B-8117-5B60439EBFC2};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{a19ef336-01d4-48e6-926a-fe7e1c747aed};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9};"Found Adware.CommanderNET";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A5845A98-EBDA-4670-9DE6-5201C506E741};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D};"Found Trojan.KillAV.e";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4BCD};"Found Trojan.KillAV.e";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A717DBE3-D78D-4aa7-BDCF-2CC06B36371B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8FB8EB3-183B-4598-924D-86F0E5E37085};"Found Adware.WhyPPC";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC3AEF75-0A6B-4AB8-82B5-2C9BA8396644};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC9382D7-F0ED-4350-B7A7-4A383A1A93B0};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD42064F-2C53-CB42-1263-6A7F24C2B819};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D};"Found Adware.7000n";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF43C96A-216D-7D7A-AF61-0018C6061DD0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7FCAFB-9FDB-4F5E-BAC6-68BDEE61D6C6};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B313D637-F405-4052-AC37-E2119AB3C8F8};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B49DA3DF-E569-423d-BDEA-8F89128E8107};"Found Trojan.Foron";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B53455DB-5527-4041-AC41-F86E6947AA47};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B72549CE-5644-4116-B8A4-A2B042321EC4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8B55274-0F9A-41E5-9067-A3539BD9E860};"Found Trojan.Agent.dj";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408};"Found Adware.Able2know";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BEF178EB-79D6-4BFA-8213-6FB8EA4769C8};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1FE7C8F-043A-4FAC-AB62-2CC56F7482B1};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C370527A-24A7-4583-BE01-72E59000EB17};"Found Adware.AFAEnhance";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C3A64E2B-748B-4CA4-B20C-8C2817E12A6F};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C75A33FE-50C7-4F0F-81B0-6EB2272022CB};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBE0D59D-F985-4AC6-8826-FEE957065D42};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE70731D-F28D-4D81-9D61-C8EE60378401};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-0BED-709549C10020};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-717765721306};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1AC752E-883F-4ED8-8828-B618C3A72152};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4D5C535-BA95-4327-870D-A33826FDD17A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5EFDB0E-4F51-414F-B740-54A5C87A8957};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D9E5F993-FAEC-45B1-84F4-78A5BF27ED89};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DDDC947A-43F1-446A-A257-632F3ABDC212};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DE23A040-D6AA-43ca-9B86-D9BE3DAA6FE7};"Found Trojan.KillAV.F";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E14DCE67-8FB7-4721-8149-179BAA4D792C};"Found Trojan.Ciadoor.m";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E694E3DC-723F-40C7-87FE-6FFC222AD122};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E730189A-9973-4121-B046-AD1C161EC3AF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA0D26BD-9029-431A-86E0-83152D67828A};"Found Adware.180Solutions";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA806E03-A6B1-205A-117C-013309406392};"Found Trojan.Singu.s";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EB1CE8AA-7F27-45D3-BA59-37AFBFB4437F};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC83B900-B33A-D316-EF7D-013309406392};"Found Trojan.Stoped.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E};"Found Adware.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE02B99B-1D55-48bc-B8DB-649A42CE45F6};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F007E221-018D-4baf-924A-B0E9092F3853};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F43BD772-ABDD-43B7-A96A-3E9E61946EC0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5BDC469-1EC5-4193-824B-2E209993D183};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F74B358E-6979-40a9-96CD-636C80B87AFF};"Found Trojan.BankAsh.g";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F7D40011-29BB-43EB-9C97-875CE89E9E36};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1A6CC3-BE63-4f7c-A455-417D35A67DA6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBD49452-69E0-4837-91FA-9227A6DD1A83};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC148228-87E1-4D00-AC06-58DCAA52A4D1};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FD9BC004-8331-4457-B830-4759FF704C22};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FDC47F1A-61E1-4AC5-89CA-6B95644953AE};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9};"Found Adware.SecureServicePack";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFD2825E-0785-40C5-9A41-518F53A8261F};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF};"Found Adware.Generic";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt:\2o7.net.92b4d8ae;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt:\2o7.net.404851f2;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt:\2o7.net.6d0150be;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt:\2o7.net.f3d02fd3;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt:\2o7.net.fb54375d;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt:\2o7.net.19fc810a;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@2o7[2].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@adopt.euroclick[1].txt:\adopt.euroclick.com.6d7740f7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@adopt.euroclick[1].txt:\adopt.euroclick.com.17044b51;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@adopt.euroclick[1].txt:\adopt.euroclick.com.8b1bd7bc;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@adopt.euroclick[1].txt:\adopt.euroclick.com.891542da;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@adopt.euroclick[1].txt:\adopt.euroclick.com.ffe11db7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@adopt.euroclick[1].txt;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@dealtime[1].txt:\dealtime.com.48a2428c;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@dealtime[1].txt;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@doubleclick[2].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@doubleclick[2].txt;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@m.webtrends[1].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@m.webtrends[1].txt;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@mediaplex[1].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@mediaplex[1].txt;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@overture[2].txt:\overture.com.d727de6f;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@overture[2].txt:\overture.com.52ca467a;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@overture[2].txt:\overture.com.8e32a996;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@overture[2].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@perf.overture[1].txt:\perf.overture.com.610ef18d;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@perf.overture[1].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt:\searchportal.information.com.44e78b2;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt:\searchportal.information.com.a6de7d6;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt:\searchportal.information.com.3a8d7204;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt:\searchportal.information.com.13a6979d;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt:\searchportal.information.com.8aafc627;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt:\searchportal.information.com.99c35e71;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@searchportal.information[1].txt;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@sexlist[2].txt:\sexlist.com.432eb4ce;"Found Tracking cookie.Sexlist";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@sexlist[2].txt;"Found Tracking cookie.Sexlist";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@sextracker[2].txt:\sextracker.com.1b0b08af;"Found Tracking cookie.Sextracker";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@sextracker[2].txt;"Found Tracking cookie.Sextracker";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@stat.dealtime[1].txt:\stat.dealtime.com.f58c396a;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@stat.dealtime[1].txt;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@stat.dealtime[2].txt:\stat.dealtime.com.f58c396a;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@stat.dealtime[2].txt;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt:\tacoda.net.ed9c50d1;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt:\tacoda.net.e9f57f8;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt:\tacoda.net.cd7ce44f;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@tacoda[1].txt;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@weborama[2].txt:\weborama.fr.30104bcb;"Found Tracking cookie.Weborama";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@weborama[2].txt:\weborama.fr.2bb7a5bc;"Found Tracking cookie.Weborama";"Potentially dangerous object"
C:\Documents and Settings\Antonio\Cookies\antonio@weborama[2].txt;"Found Tracking cookie.Weborama";"Potentially dangerous object"

greyknight17 · Apr 30, 2008

I'm surprised there's no option to remove the infected files found there....

OK, attach that file here instead then because I don't think it's posting everything here.

Australian Maid · May 1, 2008

The AVG file is csv and the attachments on this forum do not handle that extension. Email is working fine after
deleting all mail from ISP servers. They have all showed up again today.
comp running much better now

greyknight17 · May 3, 2008

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run the AVG scan again. Save the log file and compress it into a zip file instead. Then try attaching here again.

would greatly appreciate your help

Attachments

Top Contributors this Month

Recommended Communities