Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Win32/Heur Virus

Post by Jack » May 9th, 2008, 2:06 pm

After installing AVG 8, it has found a virus Win32/Heur at a location C:\System Volume Information\_restore{A99C4B41-4737-4164-B5B9-394B33FC1A8B}\RP1712\A0247432.EXE

I have got access to this by opening in safe mode but cannot delete this file in safe or normal mode. Can you suggest a way of deleting this file?

Log file as below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:29, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MIMER82 NT\TCPSRV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MIMER82 NT\MIMSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\MXOaldr.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C0D5D8B0-D626-4C77-8ED4-CFE4C41BCDA1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {5BDDFD2D-49C7-4FE3-94DD-5077CA9EC361} (PCName Control) - http://81.144.190.74/vps2.5/header/pcname.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0581005656
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/install ... nstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3579573078
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/ins ... utions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MIMER Named Pipes - Mimer Information Technology AB - C:\Program Files\MIMER82 NT\NAPSRV.exe
O23 - Service: MIMER TCP - Mimer Information Technology AB - C:\Program Files\MIMER82 NT\TCPSRV.exe
O23 - Service: MIMER-WinShark - Mimer Information Technology AB - C:\Program Files\MIMER82 NT\MIMSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

Many thanks in advance

Jack

--
Jack
Regular Member
 
Posts: 34
Joined: December 27th, 2007, 2:34 pm
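The HijackThis log above is the format helpers read in these threads: each entry line starts with a section code (`R0`–`R3` for IE settings, `O2` for BHOs, `O4` for Run keys and startup folders, `O16` for downloaded ActiveX controls, `O20` for AppInit_DLLs/Winlogon Notify, `O23` for services) followed by a name, often a CLSID, and a path or URL. The following is an added example, not code from this thread, from MalwareRemoval.com or from HijackThis itself: a small Python parser that splits entry lines into code, CLSID and body and attaches review flags for the patterns a helper looks at first (unnamed BHOs, registrations whose file is gone, a DLL that only has an 8.3 short name, startup links that resolve to `?`, ActiveX fetched from a raw IP address, the O20 load points, services with an unknown owner). The sample lines are copied from the posted log; the flag rules are this example's own heuristics and mark an entry for a human to look at, not a verdict that it is malicious.

```python
"""Triage helper for Trend Micro HijackThis v2 log entries (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL",
    r"O2 - BHO: (no name) - {C0D5D8B0-D626-4C77-8ED4-CFE4C41BCDA1} - (no file)",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - Global Startup: hpoddt01.exe.lnk = ?",
    r"O16 - DPF: {5BDDFD2D-49C7-4FE3-94DD-5077CA9EC361} (PCName Control) - http://81.144.190.74/vps2.5/header/pcname.cab",
    r"O20 - AppInit_DLLs: avgrsstx.dll",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe",
])

# "<code> - <body>": header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
# A DLL whose own file name is an 8.3 short name (NAME~1.DLL), e.g. FOLDER~1.DLL;
# a short directory such as PROGRA~1 on its own is normal and is not matched.
SHORT_NAME_DLL_RE = re.compile(r"\\[A-Z0-9_$]{1,6}~\d+\.DLL\b", re.IGNORECASE)


@dataclass
class Entry:
    code: str                 # HijackThis section code, e.g. "O2"
    body: str                 # everything after "<code> - "
    clsid: Optional[str]      # first {GUID} in the body, if any
    flags: List[str] = field(default_factory=list)


def triage(code: str, body: str) -> List[str]:
    """Review flags for one entry (this example's own rules, not HijackThis logic)."""
    flags = []
    if code in ("O2", "O3") and "(no name)" in body:
        flags.append("unnamed-bho-or-toolbar")
    if "(no file)" in body:
        flags.append("orphaned-registration")
    if SHORT_NAME_DLL_RE.search(body):
        flags.append("8.3-named-dll")
    if code == "O4" and body.rstrip().endswith("= ?"):
        flags.append("unresolved-startup-target")
    if code == "O16" and RAW_IP_URL_RE.search(body):
        flags.append("activex-from-raw-ip")
    if code == "O20":
        # AppInit_DLLs and Winlogon Notify load into many processes; legitimate
        # security tools use them too, so every entry here gets a look.
        flags.append("privileged-load-point")
    if code == "O23" and "Unknown owner" in body:
        flags.append("service-unknown-owner")
    return flags


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    cm = CLSID_RE.search(body)
    return Entry(code, body, cm.group(0) if cm else None, triage(code, body))


def parse_log(text: str) -> List[Entry]:
    """All entry lines of a log, in file order."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries carrying at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4} {', '.join(e.flags):<45} {e.body}")
```

Run on the full posted log, the parser skips the header and process list and leaves a handful of lines for review; everything else is a known vendor path and falls through unflagged.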

Re: Win32/Heur Virus

Post by Shaba » May 10th, 2008, 5:12 am

Hi Jack

That file is in system restore.

We will empty that later.

First let's do an online scan:

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)
    Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)
    Image
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Win32/Heur Virus

Post by Jack » May 10th, 2008, 12:15 pm

Shaba.

Thanks for your swift reply.

HJT Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:48, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MIMER82 NT\TCPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MIMER82 NT\MIMSRV.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\MXOaldr.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C0D5D8B0-D626-4C77-8ED4-CFE4C41BCDA1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {5BDDFD2D-49C7-4FE3-94DD-5077CA9EC361} (PCName Control) - http://81.144.190.74/vps2.5/header/pcname.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0581005656
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/install ... nstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3579573078
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/ins ... utions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MIMER Named Pipes - Mimer Information Technology AB - C:\Program Files\MIMER82 NT\NAPSRV.exe
O23 - Service: MIMER TCP - Mimer Information Technology AB - C:\Program Files\MIMER82 NT\TCPSRV.exe
O23 - Service: MIMER-WinShark - Mimer Information Technology AB - C:\Program Files\MIMER82 NT\MIMSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

--
End of file - 14241 bytes

Kaspersky Report.

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 10, 2008 4:58:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/05/2008
Kaspersky Anti-Virus database records: 752929
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 138347
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:37:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12072006-093732.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\msn224.fdr Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5A5F.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE9D9.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CKL\WinShark\Data\LOGDB.DBF Object is locked skipped
C:\Program Files\CKL\WinShark\Data\SQLDB.DBF Object is locked skipped
C:\Program Files\CKL\WinShark\Data\sysdb82.dbf Object is locked skipped
C:\Program Files\CKL\WinShark\Data\TRANSDB.DBF Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\themedef.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\ui.mar Object is locked skipped
C:\System Volume Information\_restore{A99C4B41-4737-4164-B5B9-394B33FC1A8B}\RP1713\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hlktmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{A99C4B41-4737-4164-B5B9-394B33FC1A8B}\RP1713\change.log Object is locked skipped

Scan process completed.

Just a question here... have others found AVG 8 is "finding" stuff that others don't? I installed AVG 8 yesterday, as they were saying there would be no updates after the end of the month for AVG 7. Because it has to remove AVG 7 before it will install AVG 8, it also removed its own rootkit scanner which, although it was no longer a stand-alone prog, was very useful as another way of checking for rootkits. Are there any good rootkit progs available?

Thank you again for your help.

Regards

Jack.
Jack
Regular Member
 
Posts: 34
Joined: December 27th, 2007, 2:34 pm
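The Kaspersky report above reports nothing infected but lists some sixty objects as "Object is locked skipped". A skipped object is one the scanner never opened, so that list is the scan's blind spot, and the practical check is whether every skipped path is something Windows routinely holds open (registry hives, event logs, AV logs, the WMI repository) or something that needs a manual look. The script below does that sorting; it is an added example and not code from this thread or from Kaspersky, the classes it knows about are my own choice, and the last line of the constructed sample (an .exe under Application Data) is made up to show what a hit looks like.

```python
"""Triage the "Object is locked skipped" lines of a Kaspersky Online Scanner
report.  Every skipped object is a file the scanner never opened, so the list
is a blind spot: sort each path into a class that is routinely locked on a
running Windows XP box (registry hives, event logs, vendor logs, ...) and
flag anything else for a manual look.  Added example, not code from the thread."""
import ntpath
import re
from typing import Dict, List

SKIPPED_LINE = re.compile(r"^(?P<path>.+?) Object is locked skipped\s*$")

# Classes of objects that are expected to be locked while Windows is running.
# Order matters: specific patterns first, the generic ".log" catch-all last.
EXPECTED = [
    ("registry hive", re.compile(
        r"\\(?:system32\\config\\(?:SAM|SECURITY|software|system|default)"
        r"|NTUSER\.DAT|UsrClass\.dat)(?:\.LOG)?$", re.I)),
    ("event log", re.compile(r"\\system32\\config\\[^\\]+\.evt$", re.I)),
    ("system restore journal", re.compile(
        r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP\d+\\change\.log$", re.I)),
    ("WMI repository", re.compile(r"\\wbem\\Repository\\", re.I)),
    ("browser index", re.compile(r"\\index\.dat$", re.I)),
    ("vendor/Windows log", re.compile(r"\.(?:log(?:\.\d+)?|txt)$", re.I)),
    ("temp file", re.compile(r"\\Temp\\[^\\]+$", re.I)),
]
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx"}


def parse_skipped(report: str) -> List[str]:
    """Return the paths of all objects the scanner reported as locked and skipped."""
    paths = []
    for line in report.splitlines():
        m = SKIPPED_LINE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def classify(path: str) -> str:
    """Label a skipped path; a locked executable is never routine, so it is 'unexplained'."""
    if ntpath.splitext(path)[1].lower() in EXECUTABLE_EXT:
        return "unexplained"
    for label, pattern in EXPECTED:
        if pattern.search(path):
            return label
    return "unexplained"


def triage(report: str) -> Dict[str, List[str]]:
    """Group skipped paths by class; the 'unexplained' list is the one worth investigating."""
    groups: Dict[str, List[str]] = {}
    for path in parse_skipped(report):
        groups.setdefault(classify(path), []).append(path)
    return groups


# Constructed sample in the report's format: the first eight skipped lines are
# taken from the report above, the last one is a made-up path added to show a hit.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{A99C4B41-4737-4164-B5B9-394B33FC1A8B}\RP1713\change.log Object is locked skipped
C:\WINDOWS\Temp\hlktmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\msn224.fdr Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\example\unknown.exe Object is locked skipped

Scan process completed.
"""

if __name__ == "__main__":
    for label, paths in triage(SAMPLE_REPORT).items():
        print(f"{label}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Run it against the full report pasted into SAMPLE_REPORT; on the report above every skipped object falls into an expected class, which is the result that lets you say the scan was clean rather than merely quiet.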

Re: Win32/Heur Virus

Unread postby Shaba » May 10th, 2008, 12:24 pm

Hi

"Just a question here... have others found AVG 8 is "finding" stuff that others don't? I installed AVG 8 yesterday, as they were saying there would be no updates after the end of the month for AVG 7. Because it has to remove AVG 7 before it will install AVG 8, it also removed its own rootkit scanner which, although it was no longer a stand-alone prog, was very useful as another way of checking for rootkits. Are there any good rootkit progs available?"

If by that you mean that it sometimes finds false positives, then yes. That has increased with version 8.

GMER is a good rootkit scanner, but it can also list legitimate items.

Any other issues left?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Win32/Heur Virus

Unread postby Jack » May 10th, 2008, 1:51 pm

Hi.

I only asked the question because AVG 8 gave me 190 warning files, and when I scanned today it found 30. It does not find the Win32/Heur, but I'm not convinced one way or the other. I saw the Kaspersky scan looked OK, but how about the HJT?

Regards Jack
Jack
Regular Member
 
Posts: 34
Joined: December 27th, 2007, 2:34 pm

Re: Win32/Heur Virus

Unread postby Shaba » May 10th, 2008, 2:03 pm

Hi

"I only asked the question because AVG 8 gave me 190 warning files, and when I scanned today it found 30."

Those are likely all false positives. I know that AVG 8 can find up to 500 of those. You can post the AVG scan report if unsure.

HJT log is fine.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
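Shaba's "likely all false positives" rests on what those flagged registry keys are. A key under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} whose Compatibility Flags value is 0x400 is the Internet Explorer kill bit: it stops that CLSID from being loaded as an ActiveX control. Keys named after known-bad CLSIDs are exactly what immunisation tools write, so an AV product that matches on the key name is flagging a defence, not an infection. The case that does deserve attention is a kill-bitted CLSID that is also registered as a live COM server (HKCR\CLSID\{CLSID}\InprocServer32 pointing at a DLL on disk), and a heuristic file detection such as Win32/Heur should be confirmed by a second scanner before the file is treated as malicious. The script below applies that triage to an AVG 8 report in the CSV form posted further down this thread. It is an added example, not code from the thread or from AVG; it assumes the flagged keys really carry the 0x400 flag (the report does not show the value), and the ASSUMED_REGISTERED set is a constructed scenario, since which CLSIDs are registered can only be read on the scanned machine.

```python
r"""Triage an AVG 8 scan report in the CSV form AVG exports.  Most of the
"Warnings" rows are key names under HKLM\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility.  Such a key with Compatibility Flags = 0x400 is the IE
kill bit, which *prevents* that CLSID from loading, so a key named after a
known-bad CLSID is protective unless the same CLSID is also registered as a
live COM server.  Added example, not code from the thread or from AVG."""
import csv
import io
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

GUID = r"\{[0-9A-F-]{36}\}"
KILL_BIT = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\(" + GUID + r")$", re.I)
COM_REG = re.compile(r"^HKLM\\SOFTWARE\\Classes\\CLSID\\(" + GUID + r")\\", re.I)
COOKIE = re.compile(r"\\Cookies\\[^\\]+\.txt(?::.*)?$", re.I)

Finding = Tuple[str, str, str, str]  # (section, target, detection, verdict)


def verdict_for(target: str, detection: str, registered: Iterable[str]) -> str:
    """Decide what a single report row means for the analyst."""
    m = KILL_BIT.match(target)
    if m:
        if m.group(1).upper() in registered:
            return "kill-bit plus live COM registration: inspect the InprocServer32 DLL"
        return "kill-bit only: likely false positive"
    if COM_REG.match(target):
        return "COM registration flagged: inspect the InprocServer32 target on disk"
    if COOKIE.search(target):
        return "tracking cookie: privacy issue only"
    if "heur" in detection.lower():
        return "heuristic file detection: confirm with a second scanner before trusting"
    return "file detection: verify the quarantined file"


def triage_avg(report: str, registered_clsids: Iterable[str] = ()) -> List[Finding]:
    """Parse the report and attach a verdict to every row of the Infections/Warnings tables.

    registered_clsids: CLSIDs that exist under HKCR\\CLSID on the scanned box.
    The report cannot tell you that; on the real machine you enumerate the key."""
    registered = {c.upper() for c in registered_clsids}
    findings: List[Finding] = []
    section = "summary"
    for row in csv.reader(io.StringIO(report), delimiter=";", quotechar='"'):
        if len(row) == 1 and row[0] in ("Infections", "Warnings"):
            section = row[0]
            continue
        if len(row) != 3 or row[0] == "File":   # summary rows and table headers
            continue
        target, detection, _result = row
        findings.append((section, target, detection, verdict_for(target, detection, registered)))
    return findings


def verdict_counts(findings: List[Finding]) -> Dict[str, int]:
    """How many rows ended up with each verdict; the quickest sanity check on a 190-row report."""
    return dict(Counter(f[3] for f in findings))


# Constructed sample: rows copied from the AVG report posted later in this
# thread, cut down to one of each kind.
SAMPLE_AVG_REPORT = r'''"Scan ""Scan whole computer"" was finished."
"Infections found:";"1"
"Warnings count:";"0"

"Infections"
"File";"Infection";"Result"
"C:\Program Files\321Studios\CD X Rescue\CDXRescue.EXE";"Virus found Win32/Heur";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"HKLM\SOFTWARE\Classes\CLSID\{C7310572-AC80-11D1-8DF3-00C04FB6EF4F}\InprocServer32\\";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00C9C6A4-1889-46BC-B73A-F4DDCC042735}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}";"Found Adware.Generic";"Moved to Virus Vault"
'''

# Constructed scenario (not from the thread): pretend the first kill-bitted
# CLSID is also registered as a COM server, the one case that needs a look.
ASSUMED_REGISTERED = {"{00C9C6A4-1889-46BC-B73A-F4DDCC042735}"}

if __name__ == "__main__":
    for section, target, detection, verdict in triage_avg(SAMPLE_AVG_REPORT, ASSUMED_REGISTERED):
        print(f"[{section}] {detection}\n    {target}\n    -> {verdict}")
    print(verdict_counts(triage_avg(SAMPLE_AVG_REPORT, ASSUMED_REGISTERED)))
```

The design point is that the verdict depends on the registry location, not on the detection name AVG attaches to it: "Adware.Vundo" on a kill-bit key and "Adware.Vundo" on a CLSID registration are very different findings, and a report with hundreds of the first kind and none of the second is the pattern Shaba is describing.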

Re: Win32/Heur Virus

Unread postby Jack » May 10th, 2008, 3:19 pm

Hi.

Thanks for your reply.

AVG picked this up (I think a-squared got it as well):

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Virus found Win32/Heur";"C:\System Volume Information\_restore{A99C4B41-4737-4164-B5B9-394B33FC1A8B}\RP1712\A0247432.EXE";"Moved to Virus Vault";"09/05/2008, 15:53:48";"file";"C:\Program Files\a-squared Free\a2service.exe"


The warning files were:
"Scan ""Scan whole computer"" was finished."
"Infections found:";"1"
"Infected objects removed or healed";"1"
"Not removed or healed.";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"0"
"Information count:";"0"
"Scan started:";"09 May 2008, 08:56:10"
"Total object scanned:";"849389"
"Time needed:";"1 hour(s) 35 minute(s) 28 second(s) "
"Errors encountered:";"0"

"Infections"
"File";"Infection";"Result"
"C:\Program Files\321Studios\CD X Rescue\CDXRescue.EXE";"Virus found Win32/Heur";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"HKLM\SOFTWARE\Classes\CLSID\{C7310572-AC80-11D1-8DF3-00C04FB6EF4F}\InprocServer32\\";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1}";"Found Adware.InternetOptimizer";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000049-8F91-4D9C-9573-F016E7626484}";"Found Adware.Isearch";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00110011-4B0B-44D5-9718-90C88817369B}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{002AF282-E42D-4B51-9F70-F1570C02FAAD}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00C9C6A4-1889-46BC-B73A-F4DDCC042735}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}";"Found Downloader.ConHook.l";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01E69986-A054-4C52-ABE8-EF63DF1C5211}";"Found Adware.CramToolbar";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01EB5130-FC0C-4d75-B9CE-4801B1B854F5}";"Found Adware.Begin2Search";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{037CE595-57CB-4EB5-9775-97BC112F3BB3}";"Found Trojan.Bomka";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06EECACB-F7C6-4ab9-B6AE-2DC4ED4588BB}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{086AE192-23A6-48D6-96EC-715F53797E85}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{08A312BB-5409-49FC-9347-54BB7D069AC6}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0A51FD8D-6835-4212-B796-AFC24F4D108A}";"Found Adware.CreatrixMedia";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D4C7057-EAD2-44C6-AD18-9092905F28F1}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66}";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}";"Found Adware.Casino";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11904CE8-632A-4856-A7CC-00B33FE71BD8}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6}";"Found Adware.Shorty";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13146842-6251-5625-3072-548536364311}";"Found Logger.Goldun.an";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13589181-4F0D-4553-B9F8-B4B72172C139}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{150FA160-130D-451F-B863-B655061432BA}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16DF666F-BA95-4F41-B396-1381C2BA66F4}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{18F57D30-EF36-4C0E-9343-7BFA6DF79B4A}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C4DA27D-4D52-4465-A089-98E01BB725CA}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C78AB3F-A857-482e-80C0-3A1E5238A565}";"Found Adware.Isearch";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CA480CD-C0E5-4548-874E-B85B17905B3A}";"Found Trojan.Zlob.f";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E6CE4CD-161B-4847-B8BF-E2EF72299D69}";"Found Logger.Sters";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20929603-21DB-477C-BA6F-0B8E70B3C8A0}";"Found Adware.CramToolbar";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB}";"Found Adware.Begin2search";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2305D8B7-B649-4C65-BA03-4C8B05213E1A}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2353FCBC-012D-487B-8BF3-865C0929FBEB}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2513A321-CB50-4C5F-91C5-80342AFACFB1}";"Found Adware.TitanShieldAntispyware";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{25E1A054-1262-459F-9F14-BF06148F4253}";"Found Trojan.Bomka";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{28DFFB3C-A6C2-481B-B8D7-AD205DECBA6E}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A7372BA-656A-409A-B76D-F2B2B2DC6B1F}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D38A51A-23C9-48a1-A33C-48675AA2B494}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E246FAE-8420-11D9-870D-000C2917DE7F}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3050F4D8-6D62-11CE-AF61-013309406392}";"Found Trojan.BindFil.g";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3050F4D8-6D62-11CE-AF61-E13309406392}";"Found Trojan.ZMark.a";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31615D5C-5126-448A-818A-A7CDFEE85A9B}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{325338F0-AED0-45f6-A0DA-B5B09E6A07ED}";"Found Adware.SavingsHound";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{364B6276-C6C1-40B6-A6D7-6C48871FD707}";"Found Adware.Accoona";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{366B2151-E1C7-44a3-86A3-E5686C2A3D2F}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39C78B50-7E98-4aa0-B007-D83114EA6E0F}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39D3264A-0031-49DB-860D-37647ACCB78A}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39F25B12-74FF-4079-A51F-1D70F5B08B84}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3BF1F86F-B1A8-489B-8D8B-43781D51411F}";"Found Hijacker.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}";"Found Adware.TitanShieldAntispyware";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D782BB3-F2A5-11D3-BF4C-000000000000}";"Found Adware.ActivShopper";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FE36807-69ED-45D1-B9BE-85C0E3F75B6A}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4136C3F6-7636-49bf-A122-D4DA53B1ADDF}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4145B998-6511-46de-A873-FD1DBD053164}";"Found Adware.SurfComp";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41ED67C9-2734-4094-AD92-32F9EFEB5CC7}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{426F81A5-0B8C-4948-8115-11606FD3F389}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{429E4B60-3CEC-43C3-A53B-501C25F7F5FD}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}";"Found Trojan.Small.anm";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4734044C-7427-43D8-ADBE-DF942E52BEF2}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}";"Found Adware.NewDotNet";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A85F02A-CCD3-4E96-9BB1-7ACE7D0B9C23}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AA870AC-8427-42a4-B92E-ECD956197489}";"Found Adware.BetterInternet";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}";"Found Adware.NewDotNet";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C1F2-F063A09BB32A}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-DEFF-ED65A486AA28}";"Found Adware.UpSpiralBar";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5054F860-748D-4840-B7B4-DDDB428421AF}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5240864B-FDFE-4563-3514-463926792311}";"Found Logger.Goldun.ac";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{52B1DFC7-AAFC-4362-B103-868B0683C697}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5345A7A9-805A-4923-B505-86B2FEBA3FE0}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56262124-6251-5625-3072-548536364311}";"Found Logger.Goldun.aa";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5753791B-F607-48CA-814E-91C14D081F9E}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84}";"Found Downloader.Agent.rs";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5FCA4D4F-CBDD-4263-3814-463926792311}";"Found Logger.Goldun.ae";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{61468245-A343-CF27-3452-44DF4679BDF1}";"Found Trojan.Goldun.v";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62457936-6381-6170-3572-468926792311}";"Found Logger.Goldun.ed";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65194BCE-CBDD-4263-3814-463926792311}";"Found Logger.Goldun.h";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{659E147E-BD03-4605-988C-AA6D7EA497CA}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65E9801C-0472-47F9-85A0-8442D47A82B0}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6B035665-6C0D-4388-AD11-B28314DCA59B}";"Found Adware.EZ-Tracks";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DA975EA-CBB4-411B-97C0-DB0A892BF2C1}";"Found Trojan.Agent.dq";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782373}";"Found Trojan.Wayphisher";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782375}";"Found Trojan.Wayphisher";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E28339B-7A2A-47B6-AEB2-46BA53782378}";"Found Trojan.Wayphisher";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E2CE423-B3F7-4DCC-ACF3-8671CC20BFCF}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6EEB621D-02F7-4EE6-B889-C6218BFCFEA8}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6F3F8C08-2506-4CD0-B1A9-E4A83383CBBB}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{724510C3-F3C8-4FB7-879A-D99F29008A2F}";"Found Hijacker.SpyAxe";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74CC49F7-EB32-4A08-B204-948962A6E3DB}";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7507739F-BC2E-4DC3-B233-816783C25DC9}";"Found Downloader.Delf";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7697DB96-5DA3-44F2-BC97-AD35E5F4CEDC}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}";"Found Adware.SearchMaid";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{780916B6-00F4-484C-8AF7-A69CEAE0736B}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78653A3E-A63F-42A9-A6FE-7524F4058767}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A002FB-C126-462D-B4A7-81D6B42D1666}";"Found Adware.DirectIP";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3}";"Found Trojan.Kolweb.b";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7BF451AC-2010-4804-B256-DB2F0A8D9EB6}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7E093FD0-5372-4FD5-9C7B-875668B4CDB2}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FC91C90-8256-4868-B4B1-DACDDC9A4546}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FD44536-9DF0-4034-939F-5BD4D98E3187}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{804DB5C7-31E6-4885-850A-F1941B58A4C7}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{80D484FE-0AA1-4D80-9FF2-5B196084E051}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{811ABD55-9D94-4892-AB46-11D7DA29B8AE}";"Found Downloader.Small.ain";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{826B2228-BC09-49F2-B5F8-42CE26B1B712}";"Found Downloader.Delf";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{827DC836-DD9F-4A68-A602-5812EB50A834}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8333C319-0669-4893-A418-F56D9249FCA6}";"Found Adware.TitanShieldAntispyware";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83A5F7B7-DC75-44CE-9195-264F41709FA9}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{84695FD5-A8A8-11D8-978E-005022E14DE2}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85597C9D-3994-4B7F-8CE3-515E632297A1}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{86059629-45EE-4AA6-A994-672B68AC8B44}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87185E78-A61B-4DB3-965A-3235BBD7A622}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{873EB32D-AE1A-4183-89BD-45A77F761BE4}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88C9975E-3995-4C53-BB17-B893F278049A}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88CC91DE-5930-45AD-9E04-6B1233609FEA}";"Found Adware.Appoli";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D758A3-D33B-45FD-91E3-67749B4057FA}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88DE3E1B-3D01-4032-9BAE-FD1994A3D7B8}";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B309141-83A9-4C92-BCBE-2ADA24058DF0}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DBF02DA-4360-4A7E-BEA1-347B87816327}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26}";"Found Trojan.Conhook.c";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9068A414-3AF9-4F79-AF1C-E6EA415BAF52}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9148C6A5-5F1A-41EC-B3C2-883FA9F2CBAC}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{96b01a48-1317-4a87-91f7-10116f755705}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98A7C97A-4FFF-4F6E-A313-D21BC759DD99}";"Found Adware.SearchIT";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}";"Found Adware.Begin2Search";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}";"Found Adware.TitanShieldAntispyware";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E69A5DE-24D3-4D3B-8117-5B60439EBFC2}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9f2c17ac-9aa4-4c3a-82c7-ea7bcf00f03d}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{a19ef336-01d4-48e6-926a-fe7e1c747aed}";"Found Adware.MWSearch";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9}";"Found Adware.CommanderNET";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A5845A98-EBDA-4670-9DE6-5201C506E741}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D}";"Found Trojan.KillAV.e";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4BCD}";"Found Trojan.KillAV.e";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A717DBE3-D78D-4aa7-BDCF-2CC06B36371B}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8FB8EB3-183B-4598-924D-86F0E5E37085}";"Found Adware.WhyPPC";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC3AEF75-0A6B-4AB8-82B5-2C9BA8396644}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC9382D7-F0ED-4350-B7A7-4A383A1A93B0}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD42064F-2C53-CB42-1263-6A7F24C2B819}";"Found Adware.RogueSuspect";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D}";"Found Adware.7000n";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF43C96A-216D-7D7A-AF61-0018C6061DD0}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7FCAFB-9FDB-4F5E-BAC6-68BDEE61D6C6}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B313D637-F405-4052-AC37-E2119AB3C8F8}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B49DA3DF-E569-423d-BDEA-8F89128E8107}";"Found Trojan.Foron";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B53455DB-5527-4041-AC41-F86E6947AA47}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B72549CE-5644-4116-B8A4-A2B042321EC4}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8B55274-0F9A-41E5-9067-A3539BD9E860}";"Found Trojan.Agent.dj";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}";"Found Adware.Able2know";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BEF178EB-79D6-4BFA-8213-6FB8EA4769C8}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1FE7C8F-043A-4FAC-AB62-2CC56F7482B1}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C370527A-24A7-4583-BE01-72E59000EB17}";"Found Adware.AFAEnhance";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C3A64E2B-748B-4CA4-B20C-8C2817E12A6F}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C75A33FE-50C7-4F0F-81B0-6EB2272022CB}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{c89bb48c-15d9-4f4f-803e-95d90f62be62}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBE0D59D-F985-4AC6-8826-FEE957065D42}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE70731D-F28D-4D81-9D61-C8EE60378401}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-0BED-709549C10020}";"Found Hijacker.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10000}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-717765721306}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1AC752E-883F-4ED8-8828-B618C3A72152}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4D5C535-BA95-4327-870D-A33826FDD17A}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5EFDB0E-4F51-414F-B740-54A5C87A8957}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D9E5F993-FAEC-45B1-84F4-78A5BF27ED89}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4}";"Found Adware.MWSearch";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DDDC947A-43F1-446A-A257-632F3ABDC212}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DE23A040-D6AA-43ca-9B86-D9BE3DAA6FE7}";"Found Trojan.KillAV.F";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E14DCE67-8FB7-4721-8149-179BAA4D792C}";"Found Trojan.Ciadoor.m";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E694E3DC-723F-40C7-87FE-6FFC222AD122}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E730189A-9973-4121-B046-AD1C161EC3AF}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}";"Found Hijacker.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA0D26BD-9029-431A-86E0-83152D67828A}";"Found Adware.180Solutions";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA806E03-A6B1-205A-117C-013309406392}";"Found Trojan.Singu.s";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EB1CE8AA-7F27-45D3-BA59-37AFBFB4437F}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC83B900-B33A-D316-EF7D-013309406392}";"Found Trojan.Stoped.b";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}";"Found Adware.SpyAxe";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE02B99B-1D55-48bc-B8DB-649A42CE45F6}";"Found Adware.CreatrixMedia";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F007E221-018D-4baf-924A-B0E9092F3853}";"Found Adware.CreatrixMedia";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F43BD772-ABDD-43B7-A96A-3E9E61946EC0}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5BDC469-1EC5-4193-824B-2E209993D183}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F74B358E-6979-40a9-96CD-636C80B87AFF}";"Found Trojan.BankAsh.g";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F7D40011-29BB-43EB-9C97-875CE89E9E36}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1A6CC3-BE63-4f7c-A455-417D35A67DA6}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBD49452-69E0-4837-91FA-9227A6DD1A83}";"Found Adware.Vundo";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FD9BC004-8331-4457-B830-4759FF704C22}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FDC47F1A-61E1-4AC5-89CA-6B95644953AE}";"Found Adware.Virtumonde";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9}";"Found Adware.SecureServicePack";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880}";"Found Adware.Generic";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFD2825E-0785-40C5-9A41-518F53A8261F}";"Found Adware.TitanShieldAntispyware";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}";"Found Adware.Generic";"Moved to Virus Vault"


There seemed to be some nasty-sounding stuff there... nothing else picks these up.

Any thoughts on these... how do you sort out F/Ps from the real thing?

Thanks again

Regards Jack
Jack
Regular Member
 
Posts: 34
Joined: December 27th, 2007, 2:34 pm

Re: Win32/Heur Virus

Post by Shaba » May 11th, 2008, 4:54 am

Hi

This is a false positive; the program is legit:

"Infections"
"File";"Infection";"Result"
"C:\Program Files\321Studios\CD X Rescue\CDXRescue.EXE";"Virus found Win32/Heur";"Moved to Virus Vault"

These are tracking cookies and nothing dangerous:

"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"

As for all the entries under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\, I have all those entries as well, and I guess that pretty much every user has them, too.

So I think that pretty much covers the false positive thing.

Any other concerns?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
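Why every user has those entries: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} is where Internet Explorer stores per-CLSID "Compatibility Flags"; a value with bit 0x400 set is the ActiveX kill bit, which stops IE from ever instantiating that control. Protection tools write thousands of such kill bits for known-bad CLSIDs (SpywareBlaster, which Jack says later in the thread is installed, does exactly this), so a scanner that matches on the CLSID alone reports the protective entry as if it were the malware. The script below is an added example, not code from the forum or from AVG: it parses the ';'-separated, double-quoted AVG report format pasted above and sorts the hits into buckets so that the few on-disk detections that deserve hands-on follow-up stand out from the kill-bit and cookie noise. The sample report is constructed from lines in this thread (the restore-point line is built from the path in the first post), and the bucket names and helper functions are this example's own.

```python
"""Triage an AVG 8 scan report (';'-separated, double-quoted lines) into
buckets so real on-disk detections stand out from registry/cookie noise.
Added example; not code from the forum post or from AVG."""
import csv
import io
import re

# IE keeps a per-CLSID "Compatibility Flags" DWORD under this key. Bit 0x400 is
# the ActiveX kill bit: IE refuses to instantiate that control. Anti-spyware
# tools populate this key with known-bad CLSIDs, which is why a CLSID-matching
# scanner reports the protective entry as an "infection".
ACTIVEX_COMPAT_KEY = "HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\"
KILL_BIT = 0x400
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def has_kill_bit(compat_flags):
    """True if a Compatibility Flags value (as shown by `reg query`) sets the kill bit."""
    return bool(compat_flags & KILL_BIT)


def parse_report(text):
    """Yield (location, detection, result) from report lines, skipping headers and blanks."""
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != 3 or row[0] == "File":   # '"Infections"' and the column header
            continue
        yield row[0], row[1], row[2]


def classify(location, detection):
    """Bucket one detection by what its location says about it (bucket names are ours)."""
    low = location.lower()
    if location.startswith(ACTIVEX_COMPAT_KEY):
        return "activex-compat"   # kill-bit entry, not an installed control
    if detection.lower().startswith("found tracking cookie"):
        return "cookie"           # browser cookie, no code involved
    if "\\system volume information\\_restore" in low:
        return "restore-point"    # old copy; purged by cycling System Restore
    if "\\$ntservicepackuninstall$\\" in low or "\\$ntuninstall" in low:
        return "sp-backup"        # service-pack / hotfix uninstall backup
    return "file"                 # live file on disk: this is what to look at


def triage(text):
    """Group every report line by bucket."""
    buckets = {}
    for loc, det, res in parse_report(text):
        buckets.setdefault(classify(loc, det), []).append((loc, det, res))
    return buckets


def needs_attention(buckets):
    """Live on-disk detections: verify signer and hash before trusting the verdict."""
    return [loc for loc, _, _ in buckets.get("file", [])]


def clsids_to_check(buckets):
    """CLSIDs from ActiveX Compatibility hits, ready to feed to `reg query`."""
    found = []
    for loc, _, _ in buckets.get("activex-compat", []):
        m = CLSID_RE.search(loc)
        if m:
            found.append(m.group(0))
    return found


# Constructed sample: header block plus lines taken from the reports in this
# thread; the restore-point line is built from the path in the first post.
SAMPLE_REPORT = r'''"Infections"
"File";"Infection";"Result"
"C:\Program Files\321Studios\CD X Rescue\CDXRescue.EXE";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\System Volume Information\_restore{A99C4B41-4737-4164-B5B9-394B33FC1A8B}\RP1712\A0247432.EXE";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D}";"Found Trojan.KillAV.e";"Moved to Virus Vault"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}";"Found Adware.Generic";"Moved to Virus Vault"
'''

if __name__ == "__main__":
    b = triage(SAMPLE_REPORT)
    for bucket, items in sorted(b.items()):
        print(f"{bucket}: {len(items)}")
    print("follow up:", needs_attention(b))
    print("kill-bit CLSIDs:", clsids_to_check(b))
```

On the affected machine the ActiveX Compatibility bucket is confirmed with `reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}" /v "Compatibility Flags"` (a value of 0x400 is the kill bit) and `reg query HKCR\CLSID\{CLSID}`, which returns nothing when no such control is registered at all. For the `file` and `sp-backup` buckets, check the signer and hashes first with Sysinternals `sigcheck -a -h <path>`: a file sigcheck reports as signed by Microsoft can have its heuristic verdict dismissed, while an unsigned one should have its hash (or the file) submitted to a multi-engine scanner, as Shaba suggests later in the thread.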

Re: Win32/Heur Virus

Post by Jack » May 11th, 2008, 7:37 am

Shaba.

Thanks for that.

CD X Rescue is a program that's been installed for about 4 years and I've probably used it once, so I've deleted it to save further instances like this.

Just one question... I got access to System Volume Information. Should I go back to how it was and keep it hidden? Are things like this hidden in order to stop folks like me messing with them, or is there a security issue involved?

I had a thought that the new AVG caused this problem, but it is better to make sure. Perhaps it needs more testing in order to make both our lives easier.

Many thanks

Regards Jack

Re: Win32/Heur Virus

Post by Shaba » May 11th, 2008, 7:42 am

Hi

"Just one question... I got access to System Volume Information. Should I go back to how it was and keep it hidden? Are things like this hidden in order to stop folks like me messing with them, or is there a security issue involved?"

Yes, please keep it hidden. Users are not meant to access that folder directly. You can create restore points or revert to one without direct access.

I will give you instructions soon on how to empty it in an easy way.

"I had a thought that the new AVG caused this problem but it is better to make sure. Perhaps it needs more testing in order to make both our lives easier."

Yes, I agree.

Any other things left?

Re: Win32/Heur Virus

Post by Jack » May 11th, 2008, 7:50 am

Shaba.

Everything seems OK... all regular scans come up clean: Spybot / WinASO / SUPERAntiSpyware / RogueRemover / Glary Utilities / Windows Defender / a-squared etc. (although they came up clean before).

So if the logs are clean, then what else do I need to do?

Regards Jack

Re: Win32/Heur Virus

Post by Shaba » May 11th, 2008, 8:02 am

Hi

See below for my tips.

You can fix these, they are leftovers:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {C0D5D8B0-D626-4C77-8ED4-CFE4C41BCDA1} - (no file)

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing and using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide
  • Install SpywareBlaster - SpywareBlaster adds a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
  • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repacked malware in total. And it's free.
  • WinPatrol <= Download and install the free version of WinPatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place?

Happy surfing and stay clean!
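The Internet Explorer hardening steps in the post above are set through the Custom Level dialog, but each of them is just a DWORD under the per-user Internet-zone key (zone 3), which makes the state auditable and the fix scriptable instead of click-through. The script below is an added example, not from the post or from Microsoft: it compares a set of current zone values against the six recommended ones and renders any deviations as a .reg file. The action IDs (1001, 1004, 1201, 1607, 1800, 1804) and the 0/1/3 encoding are the ones Microsoft documents for security zones in KB182569; verify them against that article before applying the output to a real machine. The sample of current values is constructed, and treating a missing value as Enable is this example's conservative audit assumption, not IE's own default logic.

```python
"""Audit the IE Internet zone (zone 3) against the six Custom Level settings
recommended above and emit a .reg file for whatever is weaker.
Added example; not from the forum post or from Microsoft."""

# Per-user location of the Internet zone's action values (KB182569).
ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Encoding of a zone action: 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3

# Action ID -> (Custom Level label, value the checklist asks for).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
}


def audit(current):
    """Return {action_id: (label, have, wanted)} for each setting weaker than
    recommended. `current` maps action ID -> DWORD as read from ZONE3_KEY.
    Assumption (ours): a value that is absent is treated as ENABLE, the most
    permissive choice, so it shows up as a finding rather than being missed.
    Enable(0) < Prompt(1) < Disable(3), so 'weaker' is simply have < wanted."""
    findings = {}
    for action, (label, wanted) in RECOMMENDED.items():
        have = current.get(action, ENABLE)
        if have < wanted:
            findings[action] = (label, have, wanted)
    return findings


def to_reg(findings):
    """Render the findings as a .reg file that sets the recommended values."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]"]
    for action, (label, _have, wanted) in sorted(findings.items()):
        lines.append(f"; {label}")
        lines.append(f'"{action}"=dword:{wanted:08x}')
    return "\r\n".join(lines) + "\r\n"


# Constructed sample of current values: the ActiveX download/scripting
# actions already match the checklist, the other three are still Enable.
SAMPLE_CURRENT = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
                  "1607": ENABLE, "1800": ENABLE, "1804": ENABLE}

if __name__ == "__main__":
    findings = audit(SAMPLE_CURRENT)
    for action, (label, have, wanted) in sorted(findings.items()):
        print(f"{action} {label}: have {have}, want {wanted}")
    print(to_reg(findings))
```

To feed it real values, read them with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"` and import the generated file with `reg import hardening.reg` (or by double-clicking it); IE picks the new values up on its next start. If a machine has Security_HKLM_only set, the same values under HKEY_LOCAL_MACHINE take precedence, so audit that hive instead.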

Re: Win32/Heur Virus

Post by Jack » May 11th, 2008, 11:03 am

Shaba.

Have been following your instructions, and have updated the Java and removed old versions. Downloading Comodo, and while it is scanning it has found Trojan.Win32.Patched.m

This is located at C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

Any reason why this should be here?

Also, what is the quickest way to turn off the Windows Firewall?

(Spyware Blaster and Win Patrol are already installed and up to date)

Regards Jack

Re: Win32/Heur Virus

Post by Shaba » May 11th, 2008, 11:10 am

Hi

"Have been following your instructions, and have updated the Java and removed old versions. Downloading Comodo, and while it is scanning it has found Trojan.Win32.Patched.m

This is located at C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

Any reason why this should be here?"

It's a backup file for SP2 uninstallation. It is very likely a false positive.

You can do this:

Please click this link-->Jotti

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depending on whether you are using Jotti or VirusTotal).

C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

Repeat steps for all files on the list.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

"Also what is the quickest way to turn off the Windows Firewall."

Control Panel - Windows Firewall - Off

Re: Win32/Heur Virus

Post by Shaba » May 17th, 2008, 4:29 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.