Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware, Adware, Virus Rando Sites Loading When My Hard Drive Isnt Churning


  • This topic is locked This topic is locked
11 replies to this topic

#1 cheapsuits

cheapsuits

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 28 April 2008 - 11:59 PM

Ok I admit I am a numbskull twice over. First time for file sharing via limewire on the advice of a family member. That's what started all this trouble.

I posted a now deleted HJK log earlier and then proceded to read the tutorials and attempt to solve my problems myself-- Mistake #2 ( new file follows)

I have random sites popup and ads STILL. I also have a mysterious voice telling me I won 2 iPod nanos even though nothing seems open on my computer. I have been having trouble running DSS because so much stiff launches it gets constipated. I ran Search and destroy but who knows.. I got a "ran out of memory error". I tried getting into safe mode but either it takes longer then the 5 impateint minutes I have or it hangs forever.

I now get two boxes when the machine starts:

Special module could not be found. Error loading system32\vyjftrpx.dll and Special module could not be found. Error loading system32\pqhfivlc.

My hard drive is churning and grinding constantly.

below is the HJK file

Thank you very very much for taking a peak:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:29 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AA706044-C896-4D62-9748-E329723272D8} - C:\WINDOWS\system32\byxvVlig.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: gooochi browser optimizer - {b85f9f08-7c81-73f2-d826-a374e20f8596} - C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\qomJdaay.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [287236eb] rundll32.exe "C:\WINDOWS\system32\pqhifivk.dll",b
O4 - HKLM\..\Run: [BM2b410577] Rundll32.exe "C:\WINDOWS\system32\vyjftrpx.dll",s
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" DllInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: qomJdaay - qomJdaay.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)

--
End of file - 10363 bytes

Deckard's System Scanner v20071014.68
Run by Garry on 2008-04-28 23:59:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
58: 2008-04-28 05:31:26 UTC - RP209 - Deckard's System Scanner Restore Point
57: 2008-04-28 05:22:31 UTC - RP208 - Last known good configuration
56: 2008-04-28 05:22:18 UTC - RP207 - Restore Operation
55: 2008-04-28 05:22:17 UTC - RP206 - Deckard's System Scanner Restore Point
54: 2008-04-28 05:22:13 UTC - RP205 - Last known good configuration


-- First Restore Point --
1: 2008-04-28 05:22:01 UTC - RP152 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.48 GiB (less than 15%) free.


-- HijackThis (run as Garry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:35 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Garry\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Garry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AA706044-C896-4D62-9748-E329723272D8} - C:\WINDOWS\system32\byxvVlig.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: gooochi browser optimizer - {b85f9f08-7c81-73f2-d826-a374e20f8596} - C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\qomJdaay.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [287236eb] rundll32.exe "C:\WINDOWS\system32\pqhifivk.dll",b
O4 - HKLM\..\Run: [BM2b410577] Rundll32.exe "C:\WINDOWS\system32\vyjftrpx.dll",s
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" DllInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: qomJdaay - qomJdaay.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)

--
End of file - 10364 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070722-123150-382 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
backup-20080427-235528-122 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntkkdn.exe DWram
backup-20080427-235528-362 O4 - HKLM\..\Run: [{23-36-64-44-DW}] c:\windows\system32\jjwnw64k.exe DWram
backup-20080427-235528-433 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" DllInit
backup-20080427-235528-828 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
backup-20080427-235528-924 O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Garry\svchost.exe
backup-20080427-235711-934 O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
backup-20080428-000407-382 O4 - HKLM\..\Run: [{23-36-64-44-DW}] C:\WINDOWS\system32\jjwnw64k.exe DWram
backup-20080428-000407-392 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntkkdn.exe DWram
backup-20080428-000407-613 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" DllInit
backup-20080428-004822-141 O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Garry\svchost.exe
backup-20080428-004822-220 O4 - HKLM\..\Run: [{23-36-64-44-DW}] C:\windows\system32\jjwnw64k.exe DWram
backup-20080428-004822-326 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
backup-20080428-004822-892 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntkkdn.exe DWram
backup-20080428-004822-931 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" DllInit
backup-20080428-213751-263 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" DllInit
backup-20080428-213751-304 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntkkdn.exe DWram
backup-20080428-213751-699 O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntkkdn.exe
backup-20080428-213751-867 O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jjwnw64k.exe
backup-20080428-213751-993 O4 - HKLM\..\Run: [{23-36-64-44-DW}] C:\windows\system32\jjwnw64k.exe DWram

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 raspppoee - c:\windows\system32\drivers\raspppoee.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-28 21:42:04 0 d-------- C:\fsaua.data
2008-04-28 18:52:38 0 d-------- C:\Program Files\Panda Security
2008-04-28 15:15:00 515179 --ahs---- C:\WINDOWS\system32\FLmVEfhk.ini2
2008-04-28 14:56:04 0 d-------- C:\Documents and Settings\Jennifer Stoelk\Application Data\Google
2008-04-28 01:00:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-28 01:00:26 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-28 01:00:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-27 23:44:07 3944448 --a------ C:\Documents and Settings\Garry\ntuser.dat
2008-04-27 23:44:06 1085440 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-27 23:19:23 524081 --ahs---- C:\WINDOWS\system32\gilVvxyb.ini2
2008-04-27 23:15:21 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-27 23:15:18 0 d--hs---- C:\Documents and Settings\Garry\!
2008-04-27 23:14:21 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-27 23:14:09 401608 --a------ C:\WINDOWS\system32\g78.exe
2008-04-27 23:14:08 0 d--hs---- C:\WINDOWS\SmVubmlmZXI
2008-04-27 23:14:04 86144 --a------ C:\WINDOWS\system32\drivers\raspppoee.sys
2008-04-27 23:14:02 0 d-------- C:\WINDOWS\system32\x4
2008-04-27 23:14:02 0 d-------- C:\WINDOWS\system32\wTMP
2008-04-27 23:14:02 0 d-------- C:\WINDOWS\system32\n3
2008-04-27 23:14:02 0 d-------- C:\WINDOWS\system32\b1
2008-04-27 23:14:00 0 d-------- C:\WINDOWS\system32\pnVes05
2008-04-07 11:27:34 330240 --a------ C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
2008-04-05 07:43:21 0 d-------- C:\Documents and Settings\Eleanor & Audrey\Application Data\Google
2008-04-04 17:29:00 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-01 11:41:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-01 11:40:54 0 d-------- C:\Program Files\Dell Support Center
2008-04-01 11:40:54 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-30 23:18:57 0 d-------- C:\Documents and Settings\Jennifer Stoelk\Application Data\LimeWire
2008-03-30 15:17:04 0 d-------- C:\Documents and Settings\Eleanor & Audrey\Application Data\LimeWire


-- Find3M Report ---------------------------------------------------------------

2008-04-28 00:44:24 0 d-------- C:\Documents and Settings\Garry\Application Data\LimeWire
2008-04-27 23:20:22 0 d-------- C:\Program Files\LimeWire
2008-04-17 21:49:40 0 d-------- C:\Documents and Settings\Garry\Application Data\WeatherBug
2008-04-06 09:25:26 0 d-------- C:\Documents and Settings\Garry\Application Data\Google
2008-04-04 17:37:35 0 d-------- C:\Program Files\Google
2008-04-01 23:00:34 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-01 11:40:54 0 d-------- C:\Program Files\Common Files
2008-03-27 22:09:45 0 d-------- C:\Documents and Settings\Garry\Application Data\.BitTornado
2008-03-27 22:08:46 0 d-------- C:\Program Files\BitTornado
2008-03-17 21:08:04 0 d-------- C:\Program Files\TechSmith
2008-03-17 21:07:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 18:41:47 0 d-------- C:\Program Files\iTunes
2008-03-12 18:41:34 0 d-------- C:\Program Files\iPod
2008-03-12 18:40:29 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA706044-C896-4D62-9748-E329723272D8}]
C:\WINDOWS\system32\byxvVlig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b85f9f08-7c81-73f2-d826-a374e20f8596}]
04/07/2008 11:27 AM 330240 --a------ C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}]
C:\WINDOWS\system32\qomJdaay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 08:12 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [04/30/2007 09:19 AM]
"SpyHunter"="" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/21/2005 09:29 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 08:50 AM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 08:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"287236eb"="C:\WINDOWS\system32\pqhifivk.dll" []
"BM2b410577"="C:\WINDOWS\system32\vyjftrpx.dll" []
"spa_start"="C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll" [04/07/2008 11:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [10/06/2005 03:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/05/2005 03:08 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/3/2005 7:45:28 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}"= C:\WINDOWS\system32\qomJdaay.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomJdaay]
qomJdaay.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byxvVlig




-- End of Deckard's System Scanner: finished at 2008-04-29 00:02:15 ------------

Edited by cheapsuits, 29 April 2008 - 12:03 AM.


BC AdBot (Login to Remove)

 


#2 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:42 PM

Posted 29 April 2008 - 04:19 AM

Hi, Wellcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.


Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

:thumbsup:
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:42 PM

Posted 29 April 2008 - 08:57 AM

Hello,

It is important that your computer has an antivirus software running on your machine.
Your log doesn't show an antivirus software running. This is somewhat suicidal in today's digital world.


Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case LimeWire).
These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and
you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



# Step 1 #

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
# Step 2 #

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  • Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer



# Step 3 #

You need to install an antivirus program as soon as you can and run a complete scan of the computer. Please download and install one of these good (and free) products:

Avira Antivir
Avast
AVG


Install just one of these products and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Note: I do not recommend that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#4 cheapsuits

cheapsuits
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 29 April 2008 - 07:46 PM

GRACIAS!!! Appreciate the help. Still having the RUNDLL error boxes pop up. ComboFix ,HJT and AVG logs follow:

ComboFix 08-04-29.3 - Garry 2008-04-29 19:03:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.572 [GMT -5:00]
Running from: C:\Documents and Settings\Garry\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Garry\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\b1\CBWA3UI.0XE
C:\WINDOWS\system32\drivers\raspppoee.sys
C:\WINDOWS\system32\FLmVEfhk.ini
C:\WINDOWS\system32\FLmVEfhk.ini2
C:\WINDOWS\system32\gilVvxyb.ini
C:\WINDOWS\system32\gilVvxyb.ini2
C:\WINDOWS\system32\ilrlnsie.ini
C:\WINDOWS\system32\kvifihqp.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\n3
C:\WINDOWS\system32\n3\predircom3.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\x4
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_RASPPPOEE
-------\Service_raspppoee


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-29 19:29 . 2008-04-29 19:29 <DIR> d--hs---- C:\found.000
2008-04-28 21:42 . 2008-04-28 21:42 <DIR> d-------- C:\fsaua.data
2008-04-28 18:52 . 2008-04-28 18:52 <DIR> d-------- C:\Program Files\Panda Security
2008-04-28 14:55 . 2008-04-28 14:55 0 --a------ C:\WINDOWS\BM2b410577.xml
2008-04-28 00:30 . 2008-04-28 00:30 <DIR> d-------- C:\Deckard
2008-04-27 23:15 . 2008-04-27 23:48 <DIR> d--hs---- C:\Documents and Settings\Garry\!
2008-04-27 23:15 . 2008-04-27 23:15 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-27 23:14 . 2008-04-27 23:14 <DIR> d-------- C:\WINDOWS\system32\wTMP
2008-04-27 23:14 . 2008-04-28 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
2008-04-27 23:14 . 2008-04-27 23:14 <DIR> d--hs---- C:\WINDOWS\SmVubmlmZXI
2008-04-27 23:14 . 2008-04-27 23:14 <DIR> d-------- C:\temp\zvebs14
2008-04-27 23:14 . 2008-04-27 23:14 <DIR> d-------- C:\temp\kvebs14
2008-04-27 23:14 . 2008-04-27 23:14 401,608 --a------ C:\WINDOWS\system32\g78.exe
2008-04-27 23:14 . 2008-04-27 23:14 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-04-27 23:14 . 2008-04-28 20:51 63,893 --a------ C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll-uninst.exe
2008-04-27 23:14 . 2008-04-28 15:10 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-07 11:27 . 2008-04-07 11:27 330,240 --a------ C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
2008-04-04 17:29 . 2008-04-04 17:37 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-01 11:41 . 2008-04-01 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-01 11:40 . 2008-04-01 11:41 <DIR> d-------- C:\Program Files\Dell Support Center
2008-04-01 11:40 . 2008-04-01 11:40 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-30 23:18 . 2008-03-30 23:19 <DIR> d-------- C:\Documents and Settings\Jennifer Stoelk\Application Data\LimeWire
2008-03-30 15:17 . 2008-03-30 16:44 <DIR> d-------- C:\Documents and Settings\Eleanor & Audrey\Application Data\LimeWire
2008-03-27 22:51 . 2008-04-27 23:20 <DIR> d-------- C:\Program Files\LimeWire
2008-03-27 22:51 . 2008-04-28 00:44 <DIR> d-------- C:\Documents and Settings\Garry\Application Data\LimeWire
2008-03-27 22:09 . 2008-03-27 22:09 <DIR> d-------- C:\Documents and Settings\Garry\Application Data\.BitTornado
2008-03-27 22:08 . 2008-03-27 22:08 <DIR> d-------- C:\Program Files\BitTornado
2008-03-17 21:08 . 2008-03-17 21:08 <DIR> d-------- C:\Program Files\TechSmith
2008-03-17 21:08 . 2008-03-17 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-17 21:07 . 2008-03-17 21:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 18:42 . 2008-04-29 19:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-12 18:42 . 2008-03-12 18:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 18:41 . 2008-03-12 18:41 <DIR> d-------- C:\Program Files\iTunes
2008-03-12 18:39 . 2008-03-12 18:40 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 00:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-28 19:56 --------- d-----w C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug
2008-04-18 02:49 --------- d-----w C:\Documents and Settings\Garry\Application Data\WeatherBug
2008-04-04 22:37 --------- d-----w C:\Program Files\Google
2008-04-01 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-12 23:41 --------- d-----w C:\Program Files\iPod
2005-08-02 21:46 187,904 --sha-r C:\WINDOWS\SmVubmlmZXI\asappsrv.dll
2005-08-02 21:58 293,888 --sha-r C:\WINDOWS\SmVubmlmZXI\command.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\SmVubmlmZXI\mApRvA5AtrK.vbs
2006-11-05 00:51 56 --sh--r C:\WINDOWS\system32\3AAC41B9EA.sys
2006-11-05 00:51 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA706044-C896-4D62-9748-E329723272D8}]
C:\WINDOWS\system32\byxvVlig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b85f9f08-7c81-73f2-d826-a374e20f8596}]
2008-04-07 11:27 330240 --a------ C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2005-10-06 15:02 1339392]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 09:19 20480]
"SpyHunter"="" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-21 09:29 26112]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"287236eb"="C:\WINDOWS\system32\pqhifivk.dll" [ ]
"BM2b410577"="C:\WINDOWS\system32\vyjftrpx.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomJdaay]
qomJdaay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\Wireless\\lxdjwpss.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\App4r.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-06-11 12:17]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:31:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-29 19:43:10 - machine was rebooted [Garry]
ComboFix-quarantined-files.txt 2008-04-30 00:43:07

Pre-Run: 4,695,207,936 bytes free
Post-Run: 14,517,751,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

HJK

182
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:47 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AA706044-C896-4D62-9748-E329723272D8} - C:\WINDOWS\system32\byxvVlig.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: gooochi browser optimizer - {b85f9f08-7c81-73f2-d826-a374e20f8596} - C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [287236eb] rundll32.exe "C:\WINDOWS\system32\pqhifivk.dll",b
O4 - HKLM\..\Run: [BM2b410577] Rundll32.exe "C:\WINDOWS\system32\vyjftrpx.dll",s
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: qomJdaay - qomJdaay.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)

--
End of file - 10058 bytes

AVG FILE


Scan "Scan whole computer" was finished.
Infections found:;"5"
Infected objects removed or healed;"5"
Not removed or healed.;"0"
Spyware found:;"6"
Spyware removed:;"6"
Not removed:;"0"
Warnings count:;"772"
Information count:;"0"
Scan started:;"Tuesday, April 29, 2008, 7:52:48 PM"
Total object scanned:;"723614"
Time needed:;"1 hour(s) 25 minute(s) 51 second(s) "
Errors encountered:;"0"

Infections
File;"Infection";"Result"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip:\setup.exe:\$JK\adw.exe:\$KG;"Trojan horse NaviPromo.N";"Moved to Virus Vault"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip:\setup.exe:\$JK\adw.exe;"Trojan horse NaviPromo.N";"Moved to Virus Vault"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip:\setup.exe;"Trojan horse NaviPromo.N";"Moved to Virus Vault"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip;"Trojan horse NaviPromo.N";"Moved to Virus Vault"
C:\WINDOWS\system32\wTMP\idevdpll.exe;"Trojan horse Lop.4.A";"Moved to Virus Vault"

Spyware
File;"Infection";"Result"
C:\Deckard\System Scanner\20080428210909\backup\DOCUME~1\Garry\LOCALS~1\Temp\cmdinst.exe;"Adware Generic3.BKI";"Moved to Virus Vault"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip:\setup.exe:\$JK\bann.exe:\$CF\cpmsky.dll;"Adware Generic3.BMN";"Moved to Virus Vault"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip:\setup.exe:\$JK\bann.exe;"Adware Generic3.BMN";"Moved to Virus Vault"
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\dexter.zip:\setup.exe:\$JK\adw.exe:\$CF\WhoisCL.exe;"Potentially harmful program HackTool.DHO";"Moved to Virus Vault"
C:\WINDOWS\SmVubmlmZXI\asappsrv.dll;"Adware Generic.GMD";"Moved to Virus Vault"
C:\WINDOWS\SmVubmlmZXI\command.exe;"Adware Generic2.OQO";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-15D9-4736-AB29-131578A45F2B};"Found Adware.Wordsonweb";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-59D4-4008-9058-080011001200};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-C1EC-0345-6EC2-4D0300000000};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-F09C-02B4-6EC2-AD0300000000};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1};"Found Adware.InternetOptimizer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000049-8F91-4D9C-9573-F016E7626484};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000062-2E5F-4AF7-986E-5B64E0951A96};"Found Adware.BetterInternet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00027925-0017-4FAF-9539-90E4AC0B9EC5};"Found Adware.IEPlugin";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00110011-4B0B-44D5-9718-90C88817369B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{002AF282-E42D-4B51-9F70-F1570C02FAAD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441};"Found Downloader.ConHook.l";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00F1D395-4744-40F0-A611-980F61AE2C59};"Found Adware.DrSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01B55AFA-F451-474B-9E91-C35B24D02641};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01D8D081-0F76-4AB5-B5E4-9B23A709670E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01E69986-A054-4C52-ABE8-EF63DF1C5211};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{020B1227-417D-4682-9AC3-61F43CB5B6B1};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{052B12F7-86FA-4921-8482-26C42316B522};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{05324ED1-05C0-4E3A-A34F-98BFC64426F5};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06170642-FA65-4FB6-AC79-5F235CB99BC2};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06849E9F-C8D7-4D59-B87D-784B7D6BE083};"Found Logger.Agent.io";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06FE8138-6C67-484F-AB1F-42ABDDD2CBB6};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{086AE192-23A6-48D6-96EC-715F53797E85};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{08A312BB-5409-49FC-9347-54BB7D069AC6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0A00D11E-B1E7-44B5-AD88-C9190876AAC4};"Found Adware.Dyibar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0AD937E7-2F37-4873-A05E-548A67EF1D0E};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0BAD5052-665D-40D4-A9BD-A2891EAAFB42};"Found Adware.VirusBursters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0BAE99AF-A9F7-4F7E-9C72-2C1CC81BE0FF};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0C5A0FFF-9164-493B-93E0-17446374E0A0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D0FAB5C-2BE4-4126-A28E-828FEBCE1E55};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D2DEF3A-F4F1-42EC-AC4F-132E7BA6E292};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D4C7057-EAD2-44C6-AD18-9092905F28F1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D9EB558-0666-479E-868A-21B1D1A53BD1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E4E5110-A772-4C4A-A7DC-137FE10ABD6E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-408A-9842-CDBE1C6D37EB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11853D5F-F894-4CC7-BBC3-FC7A9DCFD896};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11904CE8-632A-4856-A7CC-00B33FE71BD8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11A4CA8C-A8B9-49C2-A6D3-3F64C9EEBAE6};"Found Adware.Shorty";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F09AFD-75AD-4E51-AB43-E09E9351CE16};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{125494B2-ACAD-414C-98B9-452F3EF7703A};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{150FA160-130D-451F-B863-B655061432BA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1559E6C1-7E5E-4461-9457-6A2DEA85EB9F};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{159C2E51-9823-11D2-8DDC-D84A1B4ACD4D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15ACE85C-0BB1-42D1-9E32-07EB0506675A};"Found Downloader.Small.nl";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15BA172C-5F41-4CB9-B38D-530FD507997C};"Found Trojan.KillProc.h";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1640DE0E-75E4-4A83-B5D1-2492BC7EBA8F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16875E09-927B-4494-82BD-158A1CD46BA0};"Found Downloader.Delf.vt";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{168CF174-6DAB-461C-A761-A7ADFA5A5719};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16A770A0-0E87-4278-B748-2460D64A8386};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17253725-2463-2796-3683-279268379362};"Found Trojan.Goldun.u";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17DA0C9E-4A27-4AC5-BB75-5D24B8CDB972};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{18A41B20-E519-47A1-B545-FFC200730E9B};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{18F57D30-EF36-4C0E-9343-7BFA6DF79B4A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{197A85BC-BD97-4404-A702-95E556E4DAEB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{197B8CA4-E215-46DD-8F33-E0544A80E5C4};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A01A98C-4F25-42E1-971A-185CF63569B2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A1DDC19-5893-43AB-A73F-F41A0F34D115};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1AC5C88A-DEA7-462B-A232-04AF5CA42E7E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4};"Found Adware.ActivShopper";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B9CB0F8-118B-49C1-956D-B703E976F8E3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C044AAD-7955-4CBD-8175-501A165C4E5D};"Found Trojan.Conhook.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C4DA27D-4D52-4465-A089-98E01BB725CA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C78AB3F-A857-482E-80C0-3A1E5238A565};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CA480CD-C0E5-4548-874E-B85B17905B3A};"Found Trojan.Zlob.f";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D1B2879-99FF-11E3-8D96-D7ACAC95952A};"Found Logger.PerfectKeylogger";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E6CE4CD-161B-4847-B8BF-E2EF72299D69};"Found Logger.Sters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F6FE2C2-6040-4645-9053-7F689AFFE176};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2016A466-91A2-43C6-97D8-2FD380F065EF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{202A961F-23AE-42B1-9505-FFE3C818D717};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20929603-21DB-477C-BA6F-0B8E70B3C8A0};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20A3D913-30EF-4E69-B3F7-93B3F1FB9D5C};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4};"Found Adware.WinAntiVirus";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22024DC7-D190-44EC-9D49-AEE5F244A466};"Found Adware.DriveCleaner";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2296428D-C133-4928-B76A-A200FF409572};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB};"Found Adware.Begin2search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2353FCBC-012D-487B-8BF3-865C0929FBEB};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2439DCBB-DA51-FB1C-927A-CC1E586A8D00};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{246A2CA8-10D9-4F50-B259-CAFF6619A12E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{250D1063-5414-4FB0-86D5-AABB7A5D7DA7};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2559D0B1-AF60-4BD5-965D-0E51383A6367};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27150F81-0877-42E9-AF13-55E5A3439A26};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27321538-5739-4AA1-B84C-7D18E4383F1F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27AC09EE-C20B-4BA4-8E27-F1C33D263875};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824};"Found Adware.iLookup";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A0176FE-008B-4706-90F5-BBA532A49731};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ACF3ADD-34A1-4F2F-99CF-CC69785D1E90};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2B334C22-40CA-438F-913A-61A8105C4CCD};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2BE26361-58A2-4836-BE57-B838F02FEC3F};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D38A51A-23C9-48A1-A33C-48675AA2B494};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2DC9D850-044D-11E1-B3C9-00805E499D93};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2DC9D850-144D-11E1-B3C9-10805E499D93};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E16DA2D-3194-4B72-AF4E-FD8597CFAFDC};"Found Hijacker.MorwillSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E246FAE-8420-11D9-870D-000C2917DE7F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31615D5C-5126-448A-818A-A7CDFEE85A9B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{330A77C2-C15A-43B5-055C-B4E35EAED279};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{34A12A06-48C0-420D-8F11-73552EE9631A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{364B6276-C6C1-40B6-A6D7-6C48871FD707};"Found Adware.Accoona";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{366B2151-E1C7-44A3-86A3-E5686C2A3D2F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{382ED25E-FF84-4A00-ACC4-4DDADD62DDDD};"Found Adware.CashDeluxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{392BAF48-A26A-45B5-9263-97128E429268};"Found Adware.AdBlaster";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39C78B50-7E98-4AA0-B007-D83114EA6E0F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A};"Found Trojan.Banker.q";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3BF1F86F-B1A8-489B-8D8B-43781D51411F};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3C767C6B-602D-4B9B-829D-A3DC5B2D89DD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D00A39C-655B-428B-AEB2-2FBA03DCC49C};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D782BB3-F2A5-11D3-BF4C-000000000000};"Found Adware.ActivShopper";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E290290-1728-4C1E-863A-AA12526333F6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E422F49-1566-40D3-B43D-077EF739AC32};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E4563A4-2A9B-4912-BE38-906A0CB702CC};"Found Adware.FastFind";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92};"Found Adware.Henbang";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FDE0CB5-619F-4227-8961-F2D7ED15B88E};"Found Adware.CramToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FE36807-69ED-45D1-B9BE-85C0E3F75B6A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7};"Found Adware.eZula";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4022F902-ABC7-4C79-924F-BB26F1D355A2};"Found Adware.Dyibar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{405132A4-5DD1-4BA8-A181-95C8D435093A};"Found Adware.VipSearcher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{408F660A-9465-44A3-B557-8709DFD992BC};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4136C3F6-7636-49BF-A122-D4DA53B1ADDF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41943050-65CC-454B-81E4-9C8A9D7CBAEA};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4233AC08-A2C4-4742-A0B4-83719613D62C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{43DB73EB-4C90-4418-B6AD-10DB22016908};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44};"Found Trojan.Small.anm";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4487598C-2EC7-43A2-870E-6D8D720FDD9F};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4508E20C-ACAD-11D2-9FC0-00550076E06F};"Found Adware.2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{46D387E9-41FC-4F71-A7C3-B0BEB3568F00};"Found Adware.DigitalNames";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4700F4B2-EB75-07EF-2853-5B264BD6E7DB};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{49256FE8-6394-4ACE-939C-22F35CA042AD};"Found Adware.ZippyLookup";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A25D449-2BAA-4426-A992-D18CA70CF5A9};"Found Trojan.Kolweb.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E};"Found Adware.NewDotNet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AA870AC-8427-42A4-B92E-ECD956197489};"Found Adware.BetterInternet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4B0485A1-C853-42F0-9018-8ACC9A8598B7};"Found Adware.MetaStop";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4D993022-0899-4599-B4B6-0F887D0802E6};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DA2EE61-6399-4C39-AEB9-0D990E610D29};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-8EEC-EF64B787BB38};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-9AFF-FD78A790AF2C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D};"Found Adware.2020Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-AB8C-E56FA49CA83A};"Found Adware.CursorZone";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C};"Found Adware.NewDotNet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C68A-8D2CF4D5FA7D};"Found Adware.SearchGuard";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-DEFF-ED65A486AA28};"Found Adware.UpSpiralBar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4EB548E5-1FB1-4F83-B49F-A3101FE5FC97};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F4E2384-42AD-4FE4-B966-B6D50C7BF90A};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4FA2B39B-A7DA-983C-68E6-5B095A4118FD};"Found Adware.WorldAntiSpy";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4FBBDFD6-2CA9-4BBA-93E4-AADF75321BCA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4FC003C3-87A0-489C-85CD-878246EB2D18};"Found Adware.VirusBursters";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5284AC2A-EF00-4750-9B82-B5B907D26536};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{52B1DFC7-AAFC-4362-B103-868B0683C697};"Found Adware.Vundo";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5345A7A9-805A-4923-B505-86B2FEBA3FE0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5753791B-F607-48CA-814E-91C14D081F9E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{575A5AE9-B68E-4BEB-BACB-FE430448C654};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{57A70350-87D9-4EA2-B3AC-C1C1B5296035};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{588599F4-DE26-4C28-BA14-F4EB17E33481};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58D324EE-2062-6566-1F57-2A699079E447};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58DBCE03-FFC3-4452-AB1D-C19EE9825A50};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58F07DD3-924D-4141-BC74-299F523A95F1};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59399E33-FB54-48AB-8AE4-AE108B36DAB4};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59879FA4-4790-461C-A1CC-4EC4DE4CA483};"Found Adware.RXToolbar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59F12660-2B92-4554-98F9-87295AD8A0CE};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5A5B6916-ED71-4531-8018-E792DD44156E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5BED3930-2E9E-76D8-BACC-80DF2188D455};"Found Adware.CouponBar";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5C00AF50-9737-4A0F-B728-8F751EB85E43};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5C4F2CBC-F32D-4A03-9812-86F39379811B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5D0F16E6-47DF-11DA-8802-00024493948B};"Found Adware.CashDeluxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5D647E9C-6B37-4636-9A78-DADB1EB93BDF};"Found Adware.CtxPopup";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84};"Found Downloader.Agent.rs";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EDB03AF-0341-4E96-9E9B-3171522E4BAF};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5F6BBD8A-18CF-4D55-8B4C-C9B4C9328DFE};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5F938C17-FBC7-4A3C-8526-85E5B1A1F762};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6001CDF7-6F45-471B-A203-0225615E35A7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{60371670-81B9-4D06-9C42-4DEC1AABE62B};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6076D2B1-634C-4685-843B-F826045EA5DC};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{616D4040-5712-4F0F-BCF1-5C6420A99E14};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{631F7200-642E-11DB-BD13-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{634BE415-DA12-496B-B89E-329B73C4807F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6379A99A-9102-446C-A837-0623E1810D75};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{654DCF3A-00ED-422E-BDA2-D7FA69261CE9};"Found Adware.EZtracks";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6570B782-1A41-4053-B2C9-12C7FCF0D84D};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6671A431-5C3D-463D-A7CF-5587F9B7E191};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67270207-B9EE-4D26-9270-860FDB060CA1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6A512BF7-EC78-4E8D-9841-6C02E8FA9838};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6ABF54E1-3C4A-11D8-8169-00C02623048A};"Found Adware.ezCyberSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AC3806F-8B39-4746-9C38-6B01CB7331FF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AD686B9-AB56-4EBC-A804-9F70B55B4577};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF};"Found Adware.MyTool";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AE7418B-229F-4A2C-AE1B-D5962888F02D};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6B035665-6C0D-4388-AD11-B28314DCA59B};"Found Adware.EZ-Tracks";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BDE1669-B490-48E3-B668-456314F2D6C3};"Found Adware.DuDuAccelerator";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DA975EA-CBB4-411B-97C0-DB0A892BF2C1};"Found Trojan.Agent.dq";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782375};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782378};"Found Trojan.Wayphisher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{70230839-555C-4862-8D42-BB1E2352502C};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{70305BC2-B289-4209-A344-BE21F22BC930};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{703BDF83-2C12-4D20-8BB0-106DDAB01B59};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{716002DB-288C-4BF0-80CD-A467E78D8B55};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71D1708F-973D-4600-AF01-AD86688403AE};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{724510C3-F3C8-4FB7-879A-D99F29008A2F};"Found Hijacker.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{735E980D-45D2-4777-AF82-9923D3C8D3AE};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{746455FE-D059-47E7-AF0E-140E03F5A447};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7475D3FD-5D85-49DB-8B9B-6968467B2D80};"Found Adware.InstantBuzz";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74CC49F7-EB32-4A08-B204-948962A6E3DB};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74F25A2C-22B3-4023-8F1A-CA616C30A8B5};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{76532682-A5C9-11D8-AE07-00D0591AB78A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C};"Found Adware.SearchMaid";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78364D99-A640-4DDF-B91A-67EFF8373045};"Found Trojan.Brospy.c";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{784AA380-13F2-422E-8540-F2280F1DD4F1};"Found Adware.WorldSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78653A3E-A63F-42A9-A6FE-7524F4058767};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7891DA15-428E-11D7-BCC1-00A024831A8C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7977A6ED-C4BD-490E-8C58-AA0849CA03A4};"Found Trojan.VB.aft";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A002FB-C126-462D-B4A7-81D6B42D1666};"Found Adware.DirectIP";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3};"Found Trojan.Kolweb.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A533235-A128-434B-9F8A-9300A544D191};"Found Adware.CashdeLuxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2};"Found Adware.VipSearcher";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7B55BB05-0B4D-44FD-81A6-B136188F5DEB};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7BE183D2-A42D-4915-BF60-EC86FBF002CF};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7CAF96A2-C556-460A-988E-76FC7895D284};"Found Adware.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7D435027-F646-4BF9-B2C5-0EF4940D5CA2};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7EC618F2-C506-4221-9F56-792B92BF762E};"Found Adware.DriveCleaner";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FA55359-7223-410F-BC82-EFB3E3DED07F};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FD44536-9DF0-4034-939F-5BD4D98E3187};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8037F7F0-80B6-453A-A7CB-5371A4A09BB8};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{804DB5C7-31E6-4885-850A-F1941B58A4C7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{826B2228-BC09-49F2-B5F8-42CE26B1B711};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{826B2228-BC09-49F2-B5F8-42CE26B1B712};"Found Downloader.Delf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{827DC836-DD9F-4A68-A602-5812EB50A834};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8329660F-E248-4872-98CC-FB9C4FEC7BA8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8333C319-0669-4893-A418-F56D9249FCA6};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83A5F7B7-DC75-44CE-9195-264F41709FA9};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{84B71424-B020-11D4-B198-000102C6D473};"Found Adware.SpediaSurf";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1};"Found Adware.LinkMaker";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85E517D1-1B6B-4662-AF6E-4B9738091DCC};"Found Adware.FastSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{860C2F6B-CA82-4282-9187-BECCBB66F0AF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8670EE50-01F9-47DA-AC1E-CF8549E9E521};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87185E78-A61B-4DB3-965A-3235BBD7A622};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{873EB32D-AE1A-4183-89BD-45A77F761BE4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{874443FE-AA33-4EBF-A6AC-73208787E62D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88CC91DE-5930-45AD-9E04-6B1233609FEA};"Found Adware.Appoli";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D758A3-D33B-45FD-91E3-67749B4057FA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A406068-D45C-40B9-A096-38AC717FB608};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22};"Found Adware.LinkMaker";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C56B6CE-C53F-44C4-9BDC-A9BC1711D05A};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8CC5CF9F-B05E-49A8-9540-DD8EAD0A8912};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D82BB89-B58C-4F21-9C5D-377F65947806};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8C2387-7F80-4022-9BE6-43630A969558};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DBF02DA-4360-4A7E-BEA1-347B87816327};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26};"Found Trojan.Conhook.c";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8EE6BF73-B370-4D13-9126-EB0071178F2E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{92617934-9ABC-DEF0-0FED-FAD682644311};"Found Trojan.Goldun.q";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{92E1B3F7-0546-421E-9835-904D25B7BA66};"Found Adware.VisuaExplorer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93C6313C-9DB4-4694-8BD0-E378C573A9AD};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93CECBB2-6B1B-448D-91B9-72604EF70105};"Found Adware.180Solutions";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{941CA48C-3984-4E7D-AAF8-8755ED76EB50};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{943B96A4-9BF6-42FE-8D0B-4BCA71C3632F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{944864A5-3916-46E2-96A9-A2E84F3F1208};"Found Adware.Accoona";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{950238FB-C706-4791-8674-4D429F85897E};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{951A98D0-DAD6-4A77-8280-A494279A884B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{957BAB51-81FF-8195-F273-D7E286EA702F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95C60327-8E17-44D6-98EB-7EB70CC606DD};"Found Adware.SafeSurfing";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{97F56E12-C706-4AEB-9FFB-133C05EE5D38};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98640C3B-0699-4D51-ADB4-A6FC48ACB966};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98A7C97A-4FFF-4F6E-A313-D21BC759DD99};"Found Adware.SearchIT";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A4B860B-B18E-4AFE-9B26-2A19268EB6BE};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12};"Found Adware.Begin2Search";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9BB7E700-4E48-476D-B75C-6F47606BE988};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C5875B8-93F3-429D-FF34-660B206D897A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CC1C589-4B22-4DAE-8E12-4C3B5FA12B3F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9D635A36-6B3C-4146-8625-F3AAF507BBF8};"Found Adware.Genericr";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9D9A7350-46C9-4E3C-92EF-382B5740A1C3};"Found Adware.ContextuAd";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E87077C-380C-407D-8DAB-EEDAD95C0A5D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A19EF336-01D4-48E6-926A-FE7E1C747AED};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9};"Found Adware.CommanderNET";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A43385F0-7113-496D-96D7-B9B550E3FCCA};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A509347C-461D-D47A-686D-852C0B1D26EE};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A646CE7E-951E-44D1-B93C-F7136DA41E58};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A69B7D98-9DAC-21C6-7ADB-7FF21D28CEC1};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A749B4BC-7621-4A80-9220-D0A283367DD5};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A833AB67-7368-457E-B8BF-249CCD8DDD14};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8B28872-3324-4CD2-8AA3-7D555C872D96};"Found Adware.Softomate";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA};"Found Adware.DeluxeCommunications";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8FB8EB3-183B-4598-924D-86F0E5E37085};"Found Adware.WhyPPC";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AB340860-FD81-4A65-B345-82EB77A66B5E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC3AEF75-0A6B-4AB8-82B5-2C9BA8396644};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D};"Found Adware.7000n";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1};"Found Adware.Henbang";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AED6F6A3-183C-488D-9F90-23DB99F56E7F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF4FD984-A939-4C32-82B2-8BAE7ABE9AEC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0DED443-5E68-4001-A81B-0A0001621AB8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B166BE07-30A4-4D38-B781-44528A630706};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B212D577-05B7-4963-911E-4A8588160DFA};"Found Trojan.Delf.nj";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B23DC537-3E13-44C7-BF67-D8405EB377F7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2A3156E-3332-4B47-AF5A-5B121503514F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B313D637-F405-4052-AC37-E2119AB3C8F8};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B5141620-C2B2-4D95-9F0F-134D99C87AB0};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B53455DB-5527-4041-AC41-F86E6947AA47};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B54BFA47-D897-49CA-9657-05EC9F80A32B};"Found Adware.QuickMetaSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B59F3BA4-98DA-4B5F-8A2D-7B56FB11140B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B5F3970B-745E-46AC-B890-E08F69777D80};"Found Adware.Searchforit";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8B55274-0F9A-41E5-9067-A3539BD9E860};"Found Trojan.Agent.dj";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8D60EBB-5565-4392-957B-7164BA087AD4};"Found Adware.InstantBuzz";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA94F81E-99FC-40E1-824C-BAA00B575F4A};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB54DE33-E539-4749-BFAC-CC49617E8F2A};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408};"Found Adware.Able2know";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBFF9532-5340-11D8-B39A-000D5610942E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD0FC212-0A36-4232-83CC-2063FB9282E0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD2E165D-1BC6-23AA-345B-1C234F173CBD};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C15DFCFB-3D1C-4E50-AAC7-037B016B95F7};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C3703265-4671-4858-92A4-CBA6A7B3BB45};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C370527A-24A7-4583-BE01-72E59000EB17};"Found Adware.AFAEnhance";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C4C4786C-9861-46D2-BB63-AC782AB07046};"Found Adware.DriveCleaner";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C4F147D7-BF25-488E-A12B-EFD43E7029BF};"Found Adware.VisuaExplorer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5531D07-22C2-418B-85B9-D829AF1498B0};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5AF2622-8C75-4DFB-9693-23AB7686A456};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C61A70F3-505E-4B90-916F-627A8706B4BC};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C7CF1142-0785-4B12-A280-B64681E4D45E};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C833A552-F5AF-4A7B-87B3-6EBDE0DB3B43};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C89BB48C-15D9-4F4F-803E-95D90F62BE62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C9FD0FB1-0121-4FBF-9B54-DBA85F34D743};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89};"Found Adware.WebDir";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA356D79-679B-4B4C-8E49-5AF97014F4C1};"Found Adware.Starware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CC924BD1-7382-4619-A706-070CB00F2325};"Found Adware.SpywareWall";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CCAABCDD-7C16-4215-B12E-150BFB994CF0};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CCFB2B33-F4DB-B63D-ABDC-C7384ED93B34};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDB280E8-BE43-4128-8A5A-3FCD094E2D88};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDE9EB54-A08E-4570-B748-13F5DDB5781C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE70731D-F28D-4D81-9D61-C8EE60378401};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-0BED-709549C10020};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-71766C641316};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-71766C645750};"Found Trojan.Agent.gg";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-717765721306};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF490793-3A68-4931-9C10-A29A856D36F3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708};"Found Adware.SpyLocked";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1AC752E-883F-4ED8-8828-B618C3A72152};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D49E9D35-254C-4C6A-9D17-95018D228FF5};"Found Adware.Starware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4D5C535-BA95-4327-870D-A33826FDD17A};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5EFDB0E-4F51-414F-B740-54A5C87A8957};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D6D64CDF-0363-4261-B723-29A3AF365E1D};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7950AB4-67F5-458E-A37D-9F2DE7F250AC};"Found Adware.NetRevenueStream";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BDD42A-7E69-4BB8-AAC3-D76FF65A3AA3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7CC80D4-376C-4586-B023-4F35C2CEB28E};"Found Adware.Softomate";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7E588AB-A5D9-4422-B313-22A3470F9700};"Found Adware.FlashEnhancer";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38};"Found Adware.Softomate";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB};"Found Downloader.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA3B49F6-8C54-4429-A275-21A86DCCA413};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DAA873D4-958C-453C-81CA-3FE6F3676A87};"Found Downloader.Fugif";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DC8240DF-E60D-4193-B984-5111847DC7E6};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DE23A040-D6AA-43CA-9B86-D9BE3DAA6FE7};"Found Trojan.KillAV.F";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DF56F9D5-EF50-400D-B616-6EEB7AE63C55};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DFA61DB1-388E-4C87-8D56-540FA229BCB4};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E0103CD4-D1CE-411A-B75B-4FEC072867F4};"Found Trojan.Puper.ac";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E0767047-9D25-4A3A-B905-852CDA087E86};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E10959A2-8862-4582-973A-05BDAF4E0FE9};"Found Adware.ezSearching";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E1412445-4FF8-410E-8D24-F2CF86B171A4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E14DCE67-8FB7-4721-8149-179BAA4D792C};"Found Trojan.Ciadoor.m";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E175D136-4566-4C0B-B91C-848A899A691F};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2DDF680-9905-4DEE-8C64-0A5DE7FE133C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3A729DA-EABC-DF50-1842-DFD682644311};"Found Trojan.Lespy.a";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E52DEDBB-D168-4BDB-B229-C48160800E81};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6ADAAF0-79B2-4CF1-A660-50A0B33991A1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7296F98-6668-419C-AE1D-04ED641E7C3E};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E944D14A-03AA-43E3-9D0E-4F50C4D1B005};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA0D26BD-9029-431A-86E0-83152D67828A};"Found Adware.180Solutions";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E};"Found Adware.SpyAxe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDE8BED5-92CF-4482-8F51-A01CD9B3EA37};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDF78E1B-31A2-4C6E-AD40-0AFCD0D55263};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.IEHlpr";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE86F11E-08FB-4B20-B175-7726C63DF9E9};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEBA788A-C268-492A-B7FE-42C2B6C553D4};"Found Adware.FastFind";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6};"Found Trojan.CWSMeup.b";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFDAC3FE-F44A-4030-8589-1E23BC6573D5};"Found Hijacker.Morwillsearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F007E221-018D-4BAF-924A-B0E9092F3853};"Found Adware.CreatrixMedia";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2EFA195-4785-4DB1-9316-B48C64BB71DA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F31AEE4A-1530-4FEF-8537-79C6973BFF9A};"Found Adware.VirusBurst";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F38696FC-7143-4B0A-9052-A7A96E398D11};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F43BD772-ABDD-43B7-A96A-3E9E61946EC0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F452FA15-98C9-BD51-AC62-418E0C391EC0};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4D74AAA-A178-4463-846B-B4BC87A024E0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5};"Found Adware.ErrorSafe";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5DE8ADB-4A69-4E56-96AB-823171C8E9D8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F6053709-5723-454E-AB9D-7FC7E681AFA5};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F63E3B76-F82F-46EB-851C-8C0A221686BB};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F65B197F-8260-4D52-909A-F70118E646EB};"Found Adware.MWSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F68D4ACF-5F32-4D00-A9D9-62D849AE0451};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F745F808-E783-4301-8B95-253DC70BEEFE};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F7D40011-29BB-43EB-9C97-875CE89E9E36};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F85E86D8-F796-4C97-AAA2-26664A98A42C};"Found Hijacker.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA19BD7E-50BC-4203-80AC-C4EDC81CA9A3};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1A6CC3-BE63-4F7C-A455-417D35A67DA6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA4FBF53-C766-4622-8011-A87A805EEBF0};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683};"Found Trojan.VB.aft";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC148228-87E1-4D00-AC06-58DCAA52A4D1};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FD9BC004-8331-4457-B830-4759FF704C22};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE288882-F661-4522-88F3-20CFB7866FA4};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF170564-36C8-43F7-9100-559E166405CF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E};"Found Adware.Virtumonde";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFD2825E-0785-40C5-9A41-518F53A8261F};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884};"Found Adware.Shorty";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA};"Found Trojan.Zapchast";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\247realmedia.com.ef906bac;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.e7049c28;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.c6def732;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.d7bf1ff7;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.23fffc1c;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.8fc88f10;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.9eaabe7c;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.2ac1ca8b;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.d30835fe;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.2f7bcb9b;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.a9b49f05;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.ba90db70;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.51705b36;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.1a6a6c0d;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\2o7.net.ba50e506;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\overture.com.8e32a996;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\perf.overture.com.610ef18d;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.2e81011a;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.55564293;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.b9b08de6;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\revsci.net.44605440;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Application Data\Mozilla\Firefox\Profiles\lptleh7y.default\cookies.txt;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@247realmedia[1].txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@247realmedia[1].txt;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt:\adopt.euroclick.com.6d7740f7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt:\adopt.euroclick.com.17044b51;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt:\adopt.euroclick.com.8b1bd7bc;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt:\adopt.euroclick.com.fb764ef7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt:\adopt.euroclick.com.891542da;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt:\adopt.euroclick.com.ffe11db7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@adopt.euroclick[2].txt;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@bs.serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@overture[1].txt:\overture.com.8e32a996;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@overture[1].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@perf.overture[1].txt:\perf.overture.com.610ef18d;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@perf.overture[1].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@realmedia[1].txt:\realmedia.com.68087763;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@realmedia[1].txt:\realmedia.com.ef906bac;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@realmedia[1].txt:\realmedia.com.125a868c;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@realmedia[1].txt;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt:\tacoda.net.cd7ce44f;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt:\tacoda.net.ed9c50d1;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt:\tacoda.net.e9f57f8;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tacoda[1].txt;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tribalfusion[1].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Eleanor & Audrey\Cookies\eleanor & audrey@tribalfusion[1].txt;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@247realmedia[1].txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@247realmedia[1].txt;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.87a9ab5d;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e762f029;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adbrite[2].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adbrite[2].txt:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adbrite[2].txt:\adbrite.com.e3b6fcdd;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adbrite[2].txt;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adopt.euroclick[2].txt:\adopt.euroclick.com.891542da;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adopt.euroclick[2].txt:\adopt.euroclick.com.fb764ef7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adopt.euroclick[2].txt:\adopt.euroclick.com.ffe11db7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adopt.euroclick[2].txt;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adrevolver[3].txt:\adrevolver.com.f6cfcad4;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adrevolver[3].txt:\adrevolver.com.9b9d670a;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@adrevolver[3].txt;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@advertising[1].txt:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@advertising[1].txt;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@burstnet[2].txt:\burstnet.com.27341d57;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@burstnet[2].txt:\burstnet.com.c4fe2ebb;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@burstnet[2].txt:\burstnet.com.a3218a37;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@burstnet[2].txt;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cj[2].txt:\cj.com.13a6979d;"Found Tracking cookie.Cj";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cj[2].txt:\cj.com.8aafc627;"Found Tracking cookie.Cj";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cj[2].txt:\cj.com.99c35e71;"Found Tracking cookie.Cj";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cj[2].txt:\cj.com.e4c20ca1;"Found Tracking cookie.Cj";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cj[2].txt;"Found Tracking cookie.Cj";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cpvfeed[1].txt:\cpvfeed.com.23f953b;"Found Tracking cookie.Cpvfeed";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@cpvfeed[1].txt;"Found Tracking cookie.Cpvfeed";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@enhance[2].txt:\enhance.com.2ff9c31e;"Found Tracking cookie.Enhance";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@enhance[2].txt:\enhance.com.378d31e7;"Found Tracking cookie.Enhance";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@enhance[2].txt;"Found Tracking cookie.Enhance";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@fastclick[2].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@fastclick[2].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@fastclick[2].txt:\fastclick.net.6fd479aa;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@fastclick[2].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@fastclick[2].txt:\fastclick.net.9b41aa53;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@fastclick[2].txt;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@media.adrevolver[1].txt:\media.adrevolver.com.5fed601d;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@media.adrevolver[1].txt;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@mediaplex[1].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@mediaplex[1].txt;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@overture[1].txt:\overture.com.8e32a996;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@overture[1].txt:\overture.com.d727de6f;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@overture[1].txt:\overture.com.52ca467a;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@overture[1].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@paycounter[2].txt:\paycounter.com.1606f523;"Found Tracking cookie.Paycounter";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@paycounter[2].txt;"Found Tracking cookie.Paycounter";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@pro-market[1].txt:\pro-market.net.bbf67f2d;"Found Tracking cookie.Pro-market";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@pro-market[1].txt:\pro-market.net.1d1ba569;"Found Tracking cookie.Pro-market";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@pro-market[1].txt:\pro-market.net.b51604f4;"Found Tracking cookie.Pro-market";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@pro-market[1].txt:\pro-market.net.266912e2;"Found Tracking cookie.Pro-market";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@pro-market[1].txt;"Found Tracking cookie.Pro-market";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@questionmarket[2].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@questionmarket[2].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@questionmarket[2].txt;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.68087763;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.964cd308;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.ef906bac;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.532016bf;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.e14be39e;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.125a868c;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.6b2e2a72;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.f83dacf0;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.997b4805;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt:\realmedia.com.f2ca3bd;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@realmedia[2].txt;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@real[1].txt:\real.com.66561182;"Found Tracking cookie.Real";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@real[1].txt;"Found Tracking cookie.Real";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@real[2].txt:\real.com.66561182;"Found Tracking cookie.Real";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@real[2].txt;"Found Tracking cookie.Real";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@revenue[2].txt:\revenue.net.bcf44ea1;"Found Tracking cookie.Revenue";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@revenue[2].txt;"Found Tracking cookie.Revenue";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[1].txt:\searchportal.information.com.44e78b2;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[1].txt:\searchportal.information.com.abc8a92b;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[1].txt:\searchportal.information.com.3a8d7204;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[1].txt;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[2].txt:\searchportal.information.com.44e78b2;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[2].txt:\searchportal.information.com.9307df89;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[2].txt:\searchportal.information.com.3a8d7204;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[2].txt:\searchportal.information.com.f3701738;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@searchportal.information[2].txt;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@stat.dealtime[2].txt:\stat.dealtime.com.f58c396a;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@stat.dealtime[2].txt;"Found Tracking cookie.Dealtime";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@statcounter[2].txt:\statcounter.com.cbeca241;"Found Tracking cookie.Statcounter";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@statcounter[2].txt:\statcounter.com.d8e24882;"Found Tracking cookie.Statcounter";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@statcounter[2].txt;"Found Tracking cookie.Statcounter";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt:\tacoda.net.e9f57f8;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt:\tacoda.net.d323296e;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt:\tacoda.net.a3218a37;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tacoda[1].txt;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@trafficmp[1].txt:\trafficmp.com.e2e71e33;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@trafficmp[1].txt:\trafficmp.com.37644bdb;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@trafficmp[1].txt:\trafficmp.com.ae53b8b;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@trafficmp[1].txt:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@trafficmp[1].txt:\trafficmp.com.f3e5803e;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@trafficmp[1].txt;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tribalfusion[2].txt:\tribalfusion.com.7610f0e0;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tribalfusion[2].txt:\tribalfusion.com.9bc3e98f;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tribalfusion[2].txt:\tribalfusion.com.8b22ad8c;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@valueclick[1].txt:\valueclick.net.85648628;"Found Tracking cookie.Valueclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@valueclick[1].txt;"Found Tracking cookie.Valueclick";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.e9b084d6;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.775ee79c;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.a5b6a132;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.b8c8ce8b;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.14a38114;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.f1d14556;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt:\zedo.com.ff8ec9c0;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Garry\Cookies\garry@zedo[1].txt;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@247realmedia[1].txt:\247realmedia.com.68087763;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@247realmedia[1].txt:\247realmedia.com.ef906bac;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@247realmedia[1].txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@247realmedia[1].txt;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@adopt.euroclick[1].txt:\adopt.euroclick.com.fb764ef7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@adopt.euroclick[1].txt:\adopt.euroclick.com.891542da;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@adopt.euroclick[1].txt:\adopt.euroclick.com.ffe11db7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@adopt.euroclick[1].txt;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@bfast[2].txt:\bfast.com.c53c448c;"Found Tracking cookie.Bfast";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@bfast[2].txt;"Found Tracking cookie.Bfast";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@bluestreak[1].txt:\bluestreak.com.bf396750;"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@bluestreak[1].txt;"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@burstnet[2].txt:\burstnet.com.a3218a37;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@burstnet[2].txt:\burstnet.com.27341d57;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@burstnet[2].txt:\burstnet.com.c4fe2ebb;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@burstnet[2].txt;"Found Tracking cookie.Burstnet";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.80ad4799;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.121ba2aa;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.1def8f2b;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.f31be13a;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.3a28db8d;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.e1f88397;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.6a12b080;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.1d158016;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.837115b5;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt:\casalemedia.com.5e43734d;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@casalemedia[2].txt;"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.bb8bcae;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.9b41aa53;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.5e30928c;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt:\fastclick.net.6fd479aa;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@findwhat[1].txt:\findwhat.com.539b0606;"Found Tracking cookie.Findwhat";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@findwhat[1].txt;"Found Tracking cookie.Findwhat";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@hitbox[2].txt:\hitbox.com.bbf2a6e8;"Found Tracking cookie.Hitbox";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@hitbox[2].txt:\hitbox.com.2b95f8a3;"Found Tracking cookie.Hitbox";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@hitbox[2].txt;"Found Tracking cookie.Hitbox";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@overture[1].txt:\overture.com.8e32a996;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@overture[1].txt:\overture.com.52ca467a;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@overture[1].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@perf.overture[1].txt:\perf.overture.com.610ef18d;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@perf.overture[1].txt;"Found Tracking cookie.Overture";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@realmedia[1].txt:\realmedia.com.68087763;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@realmedia[1].txt:\realmedia.com.e14be39e;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@realmedia[1].txt:\realmedia.com.125a868c;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@realmedia[1].txt;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@revenue[2].txt:\revenue.net.bcf44ea1;"Found Tracking cookie.Revenue";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@revenue[2].txt;"Found Tracking cookie.Revenue";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@searchportal.information[1].txt:\searchportal.information.com.44e78b2;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@searchportal.information[1].txt:\searchportal.information.com.e5bfcc4b;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@searchportal.information[1].txt:\searchportal.information.com.3a8d7204;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@searchportal.information[1].txt;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@statse.webtrendslive[1].txt;"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.e9f57f8;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.d323296e;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.cd7ce44f;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt:\tacoda.net.ed9c50d1;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tacoda[1].txt;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.f26d6a3e;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.5660bdd9;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.94d192dc;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.23194c51;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.ffea4053;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.42abf50;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.c28a69e3;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.a6c5ee3c;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt:\trafficmp.com.e56c223c;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@trafficmp[1].txt;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@valueclick[2].txt:\valueclick.net.85648628;"Found Tracking cookie.Valueclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@valueclick[2].txt;"Found Tracking cookie.Valueclick";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@web-stat[1].txt:\web-stat.com.4b669a27;"Found Tracking cookie.Web-stat";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@web-stat[1].txt:\web-stat.com.50764a0f;"Found Tracking cookie.Web-stat";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@web-stat[1].txt:\web-stat.com.37497612;"Found Tracking cookie.Web-stat";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@web-stat[1].txt;"Found Tracking cookie.Web-stat";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.775ee79c;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.ff8ec9c0;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.a5b6a132;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.cef1c7af;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.dd15d628;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt:\zedo.com.f462b69f;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jennifer Stoelk\Cookies\jennifer stoelk@zedo[2].txt;"Found Tracking cookie.Zedo";"Potentially dangerous object"

Edited by cheapsuits, 29 April 2008 - 09:29 PM.


#5 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:42 PM

Posted 30 April 2008 - 05:20 AM

Hello,

Has you can see, the use of P2P softwares its a bad idea, look at the results from AVG. :thumbsup:


Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

WeatherBug
- Its a bad software!


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\BM2b410577.xml
C:\WINDOWS\system32\g78.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
C:\WINDOWS\system32\byxvVlig.dll
C:\WINDOWS\system32\pqhifivk.dll
C:\WINDOWS\system32\vyjftrpx.dll
Folder::
C:\WINDOWS\system32\wTMP
C:\WINDOWS\system32\pnVes05
C:\WINDOWS\SmVubmlmZXI
C:\temp\zvebs14
C:\temp\kvebs14
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug
C:\Documents and Settings\Garry\Application Data\WeatherBug
C:\Program Files\AWS\WeatherBug
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA706044-C896-4D62-9748-E329723272D8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b85f9f08-7c81-73f2-d826-a374e20f8596}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"287236eb"=-
"BM2b410577"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomJdaay]
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post them along with a new HijackThis log.
Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Please download Navilog1 by IL-MAFIOSO:
http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe
(*Alternate download location Here)

* Save it to your Desktop.
* Double-click on Navilog1.exe to install the program.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double-click on the Navilog1 shortcut on your Desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested .
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

In your next reply, please post:
- The results from ComboFix.
- The results from Navilog1.
- A new HijackThis log.

Thanks
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#6 cheapsuits

cheapsuits
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 30 April 2008 - 08:18 PM

Thank you once again.
Unistalled WeatherBug
following is new Combofix, Navilog and HJT logs:

ComboFix 08-04-29.3 - Garry 2008-04-30 19:21:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
Running from: C:\Documents and Settings\Garry\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Garry\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BM2b410577.xml
C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll
C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll-uninst.exe
C:\WINDOWS\system32\byxvVlig.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\g78.exe
C:\WINDOWS\system32\pqhifivk.dll
C:\WINDOWS\system32\vyjftrpx.dll
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\0107_Winter.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\0107_Winter_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\06_Winter_121807.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\06_Winter_121807_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\06_Winter_BUBBLE_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\06_Winter_BUBBLE_Mask_updated.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\06_Winter_Bubble_Wrap.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\06_Winter_Bubble_Wrap_updated.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_ActiveStorms.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_Allergy.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_Blue.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_ColdAndFlu.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_ColdAndFlu_VZ.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_ColdAndFluMobile.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_Disney_Chance2Win.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_GrHog_tile.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_Hurricane_09252007.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_HurricaneCommandCenter.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_HurricaneCommandCenterWithFlag.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_NST_3-22-07.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96_VZW.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96DisneyQuestforGold.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96FarmersAlmanacOutlookTile.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96HurricaneNameVideo_Plus_Mobile.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96HurricaneVideo.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96LiveTrafficCameras.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96Mobile2_0507.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96New_Disney_2.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96PlusMobile.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96PlusNVerizon.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96Professional.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96SponsorTileMobileVideo.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96TP-MA-FF.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96Verizon.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96video.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\102x96video1_mobile2.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\4th_of_July_0707.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\4th_of_July_0707_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_blueyellow.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_blueyellow_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_Army_APPROVED.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_Army_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_delta_approved.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_delta_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_holidayinn_approved1.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_holidayinn_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_IceAgeAPPROVED.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_IceAgeMASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_sony_approved.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brand_sony_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brandwrap_cherryb_approved.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brandwrap_cherryb_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brandwrap_spring2.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_brandwrap_spring2_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Default_Fall_1007.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Default_Fall_1007_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Default_Spring_Mobile_BG_0506.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Default_Spring_Mobile_MASK_0506.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_generic_summerAPPROVED.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_generic_summerMASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic_Sun_0306_Final.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic_Sun_0306_Final.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic200_Spring_Mask_031908.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2006_Fall_091406.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2006_Fall_091406.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Fall_1107.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Mask_1107.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Spring_031908.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Summe_0807r.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Summer.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Summer_070507.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Summer_070507_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Summer_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Generic2007_Summer_Mask_0807.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_GenericPLUS_approved.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_GenericPLUS_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_GenericPLUS_Summer_082906.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_GenericPLUS_Summer_082906.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_nav_dark_square_0706.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_nav_light_round_0706.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_nav_light_square_0206.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_nav_light_square_0706.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Spring_Bubble_0507.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Spring_Bubble_Mask_0507.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Tornado_Spring_0607.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60_Tornado_Spring_0607_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\602.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Ace_Hurricane.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Ace_Hurricane.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-AceHardware_Leap.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-AceHardware_Leap.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Applebees-050907_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Applebees-050907_SHELL.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Applebees-051107_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Applebees-051107_SHELL.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Economist0907.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-Economist0907.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-KraftHoneyBunches.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-KraftHoneyBunches.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-NationWideEST647.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales-NationWideEST647_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_Bank_of_America_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_Bank_of_America_shell.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_HVAC_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_HVAC2_shell.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_Lipton_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_Lipton_shell.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_MucinexChildren_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_MucinexChildren_shell.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_united_0707_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\60Sales_united_0707_SKIN.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Adderall_BRWP_Final.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Adderall_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Allstate.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Allstate_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Army_background.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Army_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\AveA-Walmart_0607_Hershey.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\AveA-Walmart_0607_Kingsford.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\AveA-Walmart_0607_Mask_Hershey.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\AveA-Walmart_0607_Mask_Kingsford.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Claritin.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Claritin_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Eucerin.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Eucerin_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fall-VZWbubble_APPROVED.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fall-VZWbubble_APPROVED_102407.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fall-VZWbubble_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fall-VZWbubble_MASK_102407.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fall.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fall_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fox_Theatrical_approved.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Fox_Theatrical_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\GE_Eco.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\GE_Eco_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\LocalWeather.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\LocalWeather_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Memorial_Generic_07.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Memorial_Generic_07_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\nav_07182007.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\nav_Generic2005_032907.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\nav_Generic2006.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\nav_Generic2006_0706.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\New_Spring_Bubble_052007.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\New_Spring_Bubble_052007_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\NghtAtTheMus_back.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\NghtAtTheMus_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Orkin_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Orkin_Replacement.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Sanyo_APPROVED.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Sanyo_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Sears_Generic.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Sears_Generic_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Sears_Mobile.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Sears_Mobile_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\SharpSolar.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\SharpSolar_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\SponsorTile42.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Spring_2007.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Spring_2007_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Summer_Hurricane_Bubble_071707.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Summer_Hurricane_Bubble_071707_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Tamiflu.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Tamiflu_mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\topnav_Business.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\topnav_Generic2005.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\topnav_Generic2005_121505.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\topnav_Generic2007.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\topnav_square.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\topnav_square_121505.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Tylenol_APPROVED12.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Tylenol_MASK12.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\USPS.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\USPS_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Verizon_Bubble_0208.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Verizon_Bubble_0208_MASK.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Visa_Mask_revised.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Visa_revised.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\WeatherAlert.jpg
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\WeatherAlert_Mask.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Winter_BUBBLE2.bmp
C:\Documents and Settings\Jennifer Stoelk\Application Data\WeatherBug\Winter_BUBBLE2.jpg
C:\temp\kvebs14
C:\temp\kvebs14\zvKarru.log
C:\temp\zvebs14
C:\WINDOWS\BM2b410577.xml
C:\WINDOWS\SmVubmlmZXI
C:\WINDOWS\SmVubmlmZXI\mApRvA5AtrK.vbs
C:\WINDOWS\system32\{17bf3f3f-e850-c0d7-50d3-72aee838ea22}.dll-uninst.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\g78.exe
C:\WINDOWS\system32\pnVes05
C:\WINDOWS\system32\pnVes05\PNVES051080.0XE
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wTMP

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-30 19:16 . 2008-04-30 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-04-29 19:29 . 2008-04-29 19:29 <DIR> d--hs---- C:\found.000
2008-04-28 21:42 . 2008-04-28 21:42 <DIR> d-------- C:\fsaua.data
2008-04-28 18:52 . 2008-04-29 22:16 <DIR> d-------- C:\Program Files\Panda Security
2008-04-28 00:30 . 2008-04-28 00:30 <DIR> d-------- C:\Deckard
2008-04-27 23:15 . 2008-04-27 23:48 <DIR> d--hs---- C:\Documents and Settings\Garry\!
2008-04-04 17:29 . 2008-04-04 17:37 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-01 11:41 . 2008-04-01 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-01 11:40 . 2008-04-01 11:41 <DIR> d-------- C:\Program Files\Dell Support Center
2008-04-01 11:40 . 2008-04-01 11:40 <DIR> d-------- C:\Program Files\Common Files\supportsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 03:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-30 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 05:44 --------- d-----w C:\Documents and Settings\Garry\Application Data\LimeWire
2008-04-28 04:20 --------- d-----w C:\Program Files\LimeWire
2008-04-04 22:37 --------- d-----w C:\Program Files\Google
2008-04-01 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-31 04:19 --------- d-----w C:\Documents and Settings\Jennifer Stoelk\Application Data\LimeWire
2008-03-30 21:44 --------- d-----w C:\Documents and Settings\Eleanor & Audrey\Application Data\LimeWire
2008-03-28 03:09 --------- d-----w C:\Documents and Settings\Garry\Application Data\.BitTornado
2008-03-18 02:08 --------- d-----w C:\Program Files\TechSmith
2008-03-18 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-18 02:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 23:41 --------- d-----w C:\Program Files\iTunes
2008-03-12 23:41 --------- d-----w C:\Program Files\iPod
2008-03-12 23:40 --------- d-----w C:\Program Files\QuickTime
2006-11-05 00:51 56 --sh--r C:\WINDOWS\system32\3AAC41B9EA.sys
2006-11-05 00:51 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_19.42.49.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 00:30:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 00:18:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-12-02 03:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 09:19 20480]
"SpyHunter"="" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-21 09:29 26112]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\Wireless\\lxdjwpss.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\App4r.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-06-11 12:17]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 19:25:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-30 19:32:51
ComboFix-quarantined-files.txt 2008-05-01 00:32:49
ComboFix2.txt 2008-04-30 00:43:11

Pre-Run: 14,867,320,832 bytes free
Post-Run: 14,882,684,928 bytes free

334

Search Navipromo version 3.5.5 began on Wed 04/30/2008 at 19:35:14.10

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Garry"

Updated on 29.04.2008 at 20h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180
Filesystem type : NTFS

Done in normal mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "c:\docume~1\alluse~1\applic~1" ***


*** Search folders in "c:\docume~1\alluse~1\startm~1\programs" ***


*** Search folders in "C:\Documents and Settings\Garry\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ELEANO~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\JENNIF~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\Owner\applic~1" ***


*** Search folders in "C:\Documents and Settings\Garry\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ELEANO~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\JENNIF~1\locals~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Garry\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\ELEANO~1\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\JENNIF~1\startm~1\programs" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Garry\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ELEANO~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\JENNIF~1\locals~1\applic~1" *



*** Search files ***



*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Garry\locals~1\applic~1" :


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* In "C:\DOCUME~1\ELEANO~1\locals~1\applic~1" :


* In "C:\DOCUME~1\JENNIF~1\locals~1\applic~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on Wed 04/30/2008 at 19:54:26.15 ***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:19 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)

--
End of file - 8779 bytes

#7 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:42 PM

Posted 02 May 2008 - 04:19 AM

Hello,

Posted Image I still cant see an AntiVirus running on your computer! Posted Image

This is somewhat suicidal in today's digital world. If you have disabled your antivirus software, please re-enable it or you need to install an antivirus program as soon as you can and run a complete scan of the computer.
Please download and install one of these good (and free) products:

Avira Antivir
BitDefender
AVG


Install just one of these products and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Note: I do not recommend that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along whit a new HijackThis log. Also let me know how i your computer its running.

Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#8 cheapsuits

cheapsuits
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 02 May 2008 - 05:34 AM

I appreciate your help. Thank you.
I will get back to you after I do the steps you asked.
About the antivirus program. I did/do have it installed. I used AVG but I might have to switch. I am having problems disabling it when I need to. It doesn't appear I can disable all of it.It was causing conflicts with some of the scanners I was running so I literally removed then readded it.
It is finding a virus however still: it says Win32/Heur and BackDoor.VB.BOK in c:\System Volume Information\_restore.
I will perform the steps you asked be back soon
thankyou again

#9 cheapsuits

cheapsuits
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 02 May 2008 - 08:23 PM

Following is Kapersky Scan and HJT scan.
Thank you very much:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 02, 2008 8:20:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/05/2008
Kaspersky Anti-Virus database records: 735539
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 123864
Number of viruses found: 16
Number of infected objects: 44
Number of suspicious objects: 0
Duration of the scan process: 01:51:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-39ffe08a/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-39ffe08a ZIP: infected - 1 skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\6.0\35\7ADB71E3-7DBBD3AA.0 Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-6b215de8/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-6b215de8 ZIP: infected - 1 skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-42ed57a9-37ad9391.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20018-3dfc7a22.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20018-3dfc7a22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-1fb80faf.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Eleanor & Audrey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-1fb80faf.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Garry\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Garry\Desktop\Navilog1.exe/file10 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Garry\Desktop\Navilog1.exe Inno: infected - 1 skipped
C:\Documents and Settings\Garry\Local Settings\Application Data\Identities\{244D805A-6EF7-498A-B6A6-E9B3155AEE5C}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\Application Data\Identities\{244D805A-6EF7-498A-B6A6-E9B3155AEE5C}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\Application Data\Identities\{244D805A-6EF7-498A-B6A6-E9B3155AEE5C}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\History\History.IE5\MSHist012008050220080503\index.dat Object is locked skipped
C:\Documents and Settings\Garry\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Garry\My Documents\LimeWire\Saved\Dexter - S02E09.avi Infected: Trojan-Downloader.WMA.GetCodec.a skipped
C:\Documents and Settings\Garry\ntuser.dat Object is locked skipped
C:\Documents and Settings\Garry\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\b1\CBWA3UI.0XE.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.ey skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pnVes05\PNVES051080.0XE.vir Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024193.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024196.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024197.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024198.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024199.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024200.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024201.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024202.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024203.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024204.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0024217.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025247.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025248.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025249.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025250.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025251.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025251.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025251.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025252.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209\A0025253.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026406.exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026406.exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026406.exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026406.exe Inno: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026411.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026412.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0026413.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP219\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:40 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)

--
End of file - 9099 bytes

#10 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:42 PM

Posted 03 May 2008 - 04:05 AM

Hello,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Posted Image
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Read the TonyKlein's good advice: So how did I get infected in the first place?

  • Also visit the Secunia Software Inspector

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
Glad i was able to help and please let me know if you still need assistence.Posted Image
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#11 cheapsuits

cheapsuits
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 04 May 2008 - 02:45 AM

You are a miracle worker! THANK YOU! THANK YOU THANK YOU !!!! Learned some valuable lessons that's for sure. I have updated my antivirus software and WindowsXp amongst others. Do you accept gratuities?

#12 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:42 AM

Posted 05 May 2008 - 07:46 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users