WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Spyware Guard 2008

3 posters

descriptionSpyware Guard 2008 EmptySpyware Guard 200812th December 2008, 2:04 pm

more_horiz
I have the Spyware Guard 2008. I tried to install the Malwarebytes' Anti-Malware which was recommended herehttp://www.geekpolice.net/malware-removal-guides-f12/how-to-remove-spyware-guard-2008-removal-guide-t3582.htm but the installler will not run.

Thank you in advance for any help.

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:04 AM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\XiMeta\NetDisk\LDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\XiMeta\NetDisk\Admin.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Hijack(GP)This.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesac.athleticsite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: C:\WINDOWS\system32\jsdf8j3dgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsdf8j3dgf.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hquxevoyoxa] rundll32.exe "C:\WINDOWS\Qranirakipejoxir.dll",e
O4 - HKLM\..\Run: [Nhagebevaxiti] rundll32.exe "C:\WINDOWS\ugodonotudokawas.dll",e
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NetDisk Administrator.lnk = C:\Program Files\XiMeta\NetDisk\Admin.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Program Files\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Program Files\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174659137787
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O21 - SSODL: InternetConnection - {E721C615-66C0-42D6-984C-7A63C0E28BDD} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hjjlhyjzug.dll
O21 - SSODL: ieModule - {C1821D17-873A-4400-A326-8BF9CE148D0A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O22 - SharedTaskScheduler: euphuize - {da75fab1-136e-4ead-834d-0e04fbd6edc1} - (no file)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsdf8j3dgf.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LanScsi Helper Service (LanScsiHelper) - XIMETA, Inc. - C:\Program Files\XiMeta\NetDisk\LDServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11213 bytes

descriptionSpyware Guard 2008 EmptyUninstall log12th December 2008, 2:08 pm

more_horiz
Here is the uninstall log:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Creative Suite
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe PageMaker Plug-in Pack
Adobe Reader 8.1.1
Adobe Reader 8.1.2
Adobe SVG Viewer 3.0
Advanced Outlook Express Repair v1.5
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free Edition
Broadcom Gigabit Integrated Controller
CapTrue
CCleaner (remove only)
CDisplay 1.8
Compatibility Pack for the 2007 Office system
DVDx
eMule
Exact Audio Copy 0.99pb3
Express Burn
FLAC Installer 1.1.2a (remove only)
Gadwin Web Snapshot
Harry's Filters 3
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) 537EP V9x DF PCI Modem
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LogMeIn
LuraDocument PDF Compressor Desktop 4.2.0328
Magic Video Converter Trial Version (English) 8.0.2.18
Mail Recovery for Outlook Express
Malwarebytes' Anti-Malware
MediaMonkey 3.0
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6.0
mkw Audio Compression Toolkit
MonoCalendar 0.7.2
Movavi Video Converter 6
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
Nero PhotoShow Express
NetDisk 2.3.1
OE-Mail Recovery 1.7
Olympus DSS Player 2002
Outlook Express Backup V6.5
PC Inspector smart recovery
PDFCreator
Plugin Commander Light 1.60
Plugin Galaxy DEMO 1.50
PowerArchiver 2006 v9.51
QuickTime
RealPlayer
Repair Tool for Outlook Express v.1.6.4
Rhapsody Player Engine
Sansa Updater
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SnagIt 7
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Guard 2008
Stat Crew Software - Control Panel
Switch Uninstall
Symantec Technical Support Web Controls
TAS Golf
TasFonts
Ulead CD & DVD PictureShow 4
Ulead Photo Explorer 8.5
Ulead VideoStudio 8.0 SE Basic
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WavePad Uninstall
WD Backup
WD Diagnostics
WD Firewire HID Driver
Web Album Generator 1.8.2
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Xerox Support Centre
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 5:18 pm

more_horiz

  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Spyware Guard 2008 Rcauto10

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will this next prompt that asks if you want to continue the malware scan, select yes

    Spyware Guard 2008 Whatne10

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Guard 2008 DXwU4
Spyware Guard 2008 VvYDg

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 5:36 pm

more_horiz
ComboFix 08-12-11.06 - Owner 2008-12-12 12:25:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.574 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\Readme.txt
c:\windows\system32\TDSSwgqt.dat
c:\windows\system32\winscenter.exe
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-12 11:49 . 2008-12-12 11:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 03:02 . 2008-12-12 03:02 118 --a------ c:\windows\system32\MRT.INI
2008-12-12 03:00 . 2008-12-12 03:02 1,393 --a------ c:\windows\imsins.BAK
2008-12-11 15:30 . 2008-12-11 15:30 d-------- C:\Spyware Guard 2008
2008-12-10 12:30 . 2008-12-10 12:34 d-------- C:\Movavi files
2008-12-10 11:51 . 2008-12-10 11:51 d-------- c:\documents and settings\All Users\Application Data\Movavi Video Converter 6
2008-12-10 11:48 . 2008-10-07 00:16 d-------- c:\program files\Movavi Video Converter 6
2008-12-10 11:47 . 2008-12-10 11:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-10 11:47 . 2008-12-10 11:47 1,409 --a------ c:\windows\QTFont.for
2008-12-10 11:39 . 2008-12-10 11:39 141,312 --a------ c:\windows\ugodonotudokawas.dll
2008-12-10 11:28 . 2008-12-10 11:28 d-------- c:\program files\Magic Video Converter
2008-12-10 11:28 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2008-12-10 11:28 . 2003-03-19 11:03 544,768 --a------ c:\windows\system32\msvcr71d.dll
2008-12-10 11:28 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2008-12-10 11:27 . 2008-12-10 11:27 62,976 --a------ C:\hlmbqjx.exe
2008-12-10 11:27 . 2008-12-10 11:27 37,376 --a------ c:\windows\Qranirakipejoxir.dll
2008-12-10 11:27 . 2008-12-10 11:27 37,376 --a------ C:\mvasd.exe
2008-12-10 11:27 . 2008-12-10 11:27 2 --a------ C:\-800434012
2008-12-10 11:16 . 2008-12-10 11:16 d-------- c:\documents and settings\Owner\Application Data\AVS4YOU
2008-12-10 11:16 . 2008-12-10 11:16 d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-10 11:15 . 2008-12-10 11:26 d-------- c:\program files\Common Files\AVSMedia
2008-12-10 11:15 . 2008-12-10 11:26 d-------- c:\program files\AVS4YOU
2008-12-10 11:15 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2008-12-10 11:15 . 2007-02-27 18:36 974,848 --a------ c:\windows\system32\mfc70.dll
2008-12-10 11:15 . 2007-02-27 18:36 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-12-10 11:15 . 2007-02-27 18:36 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-05 10:14 . 2008-12-05 10:14 d-------- c:\program files\Convar
2008-12-05 10:14 . 2003-07-18 13:58 516,784 -ra------ c:\windows\system32\XceedCry.dll
2008-12-05 10:14 . 2002-02-28 09:46 217,088 --a------ c:\windows\system32\DartSock.dll
2008-12-05 10:14 . 2002-02-21 10:12 118,784 --a------ c:\windows\system32\DartWeb.dll
2008-12-05 10:14 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-05 10:14 . 1998-06-13 22:53 44,544 --a------ c:\windows\system32\Gif89.dll
2008-12-05 10:14 . 2002-04-12 13:19 28,672 --a------ c:\windows\system32\DartWeb.oca
2008-11-13 12:04 . 2008-11-13 12:04 d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-11-12 14:42 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:42 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 16:49 --------- d-----w c:\program files\Java
2008-12-12 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-12-12 14:15 --------- d-----w c:\program files\eMule
2008-12-12 08:08 --------- d-----w c:\program files\LogMeIn
2008-12-12 08:07 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-12-11 20:54 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-12-10 16:45 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2008-12-10 16:31 --------- d-----w c:\program files\Total Video Converter
2008-12-05 15:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 17:59 --------- d--h--w c:\documents and settings\Owner\Application Data\FVSTemp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-20 12:06 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-20 12:06 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-20 12:06 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-20 12:06 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-20 12:06 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-20 12:06 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-16 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 20:16 --------- d-----w c:\program files\CVision
2008-10-15 20:01 --------- d-----w c:\program files\LuraTech
2008-10-15 19:50 --------- d-----w c:\documents and settings\Owner\Application Data\Nitro PDF
2008-10-15 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
2008-10-13 22:19 --------- d-----w c:\program files\Applications
2008-10-13 22:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-13 22:13 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-13 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-13 22:09 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-13 22:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-13 21:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-13 21:47 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-13 21:47 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-13 21:41 --------- d-----w c:\program files\Last.fm
2008-10-13 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Last.fm
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 18:33 227,664 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-07-24 14:44 66,360 ----a-w c:\documents and settings\Owner\g2ax_customer_downloadhelper_win32_x86.exe
2008-09-10 13:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 5:37 pm

more_horiz
Too big for one post, so here is the second part of the log



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-25 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 185896]
"Hquxevoyoxa"="c:\windows\Qranirakipejoxir.dll" [2008-12-10 37376]
"Nhagebevaxiti"="c:\windows\ugodonotudokawas.dll" [2008-12-10 141312]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-06 c:\windows\system32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-27 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 738968]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-07-30 94208]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-10 24633]
NetDisk Administrator.lnk - c:\program files\XiMeta\NetDisk\Admin.exe [2004-01-14 131167]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-09-06 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-20 07:06 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 LanScsiHelper;LanScsi Helper Service;"c:\program files\XiMeta\NetDisk\LDServ.exe" [2004-01-14 94305]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-04-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-07 47640]
R2 lpx;LPX Protocol;c:\windows\system32\DRIVERS\lpx.sys [2004-01-14 108032]
R3 lanscsibus;LANSCSI Bus Driver for NetDisk;c:\windows\system32\DRIVERS\lanscsibus.sys [2004-01-14 30336]
S3 Tfssvdfacesm;Tfssvdfacesm; []
S3 Wdnsasiodd;Wdnsasiodd; []
S4 LMIRfsClientNP;LMIRfsClientNP; []
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://thesac.athleticsite.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 12:28:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\SanDisk\Sansa Updater\SansaSvr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-12 12:32:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-12 17:32:32

Pre-Run: 20,877,180,928 bytes free
Post-Run: 20,817,047,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

241 --- E O F --- 2008-12-12 08:03:04

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 6:02 pm

more_horiz
Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\Qranirakipejoxir.dll
C:\hlmbqjx.exe
C:\mvasd.exe
c:\windows\ugodonotudokawas.dll

Folder::
C:\Spyware Guard 2008

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hquxevoyoxa"=-
"Nhagebevaxiti"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Spyware Guard 2008 Sfxdaw

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Guard 2008 DXwU4
Spyware Guard 2008 VvYDg

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 6:18 pm

more_horiz
Here is the new log.
Quick question - I have Spybot-SD Resident and it keeps popping up about the registry changes. Are these good changes that Combo fix is making? I hit deny, just to be safe. Should I disable it?


ComboFix 08-12-11.06 - Owner 2008-12-12 13:06:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.546 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\hlmbqjx.exe
C:\mvasd.exe
c:\windows\Qranirakipejoxir.dll
c:\windows\ugodonotudokawas.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hlmbqjx.exe
C:\mvasd.exe
C:\Spyware Guard 2008
c:\spyware guard 2008\Spyware Guard 2008.lnk
c:\spyware guard 2008\Uninstall.lnk
c:\windows\Qranirakipejoxir.dll
c:\windows\ugodonotudokawas.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-12 11:49 . 2008-12-12 11:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 03:02 . 2008-12-12 03:02 118 --a------ c:\windows\system32\MRT.INI
2008-12-12 03:00 . 2008-12-12 03:02 1,393 --a------ c:\windows\imsins.BAK
2008-12-10 12:30 . 2008-12-10 12:34 d-------- C:\Movavi files
2008-12-10 11:51 . 2008-12-10 11:51 d-------- c:\documents and settings\All Users\Application Data\Movavi Video Converter 6
2008-12-10 11:48 . 2008-10-07 00:16 d-------- c:\program files\Movavi Video Converter 6
2008-12-10 11:47 . 2008-12-10 11:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-10 11:47 . 2008-12-10 11:47 1,409 --a------ c:\windows\QTFont.for
2008-12-10 11:28 . 2008-12-10 11:28 d-------- c:\program files\Magic Video Converter
2008-12-10 11:28 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2008-12-10 11:28 . 2003-03-19 11:03 544,768 --a------ c:\windows\system32\msvcr71d.dll
2008-12-10 11:28 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2008-12-10 11:27 . 2008-12-10 11:27 2 --a------ C:\-800434012
2008-12-10 11:16 . 2008-12-10 11:16 d-------- c:\documents and settings\Owner\Application Data\AVS4YOU
2008-12-10 11:16 . 2008-12-10 11:16 d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-10 11:15 . 2008-12-10 11:26 d-------- c:\program files\Common Files\AVSMedia
2008-12-10 11:15 . 2008-12-10 11:26 d-------- c:\program files\AVS4YOU
2008-12-10 11:15 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2008-12-10 11:15 . 2007-02-27 18:36 974,848 --a------ c:\windows\system32\mfc70.dll
2008-12-10 11:15 . 2007-02-27 18:36 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-12-10 11:15 . 2007-02-27 18:36 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-05 10:14 . 2008-12-05 10:14 d-------- c:\program files\Convar
2008-12-05 10:14 . 2003-07-18 13:58 516,784 -ra------ c:\windows\system32\XceedCry.dll
2008-12-05 10:14 . 2002-02-28 09:46 217,088 --a------ c:\windows\system32\DartSock.dll
2008-12-05 10:14 . 2002-02-21 10:12 118,784 --a------ c:\windows\system32\DartWeb.dll
2008-12-05 10:14 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-05 10:14 . 1998-06-13 22:53 44,544 --a------ c:\windows\system32\Gif89.dll
2008-12-05 10:14 . 2002-04-12 13:19 28,672 --a------ c:\windows\system32\DartWeb.oca
2008-11-13 12:04 . 2008-11-13 12:04 d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-11-12 14:42 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:42 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 16:49 --------- d-----w c:\program files\Java
2008-12-12 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-12-12 14:15 --------- d-----w c:\program files\eMule
2008-12-12 08:08 --------- d-----w c:\program files\LogMeIn
2008-12-12 08:07 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-12-11 20:54 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-12-10 16:45 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2008-12-10 16:31 --------- d-----w c:\program files\Total Video Converter
2008-12-05 15:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 17:59 --------- d--h--w c:\documents and settings\Owner\Application Data\FVSTemp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 12:06 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-16 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 20:16 --------- d-----w c:\program files\CVision
2008-10-15 20:01 --------- d-----w c:\program files\LuraTech
2008-10-15 19:50 --------- d-----w c:\documents and settings\Owner\Application Data\Nitro PDF
2008-10-15 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
2008-10-13 22:19 --------- d-----w c:\program files\Applications
2008-10-13 22:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-13 22:13 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-13 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-13 22:09 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-13 22:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-13 21:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-13 21:47 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-13 21:47 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-13 21:41 --------- d-----w c:\program files\Last.fm
2008-10-13 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Last.fm
2008-09-29 18:33 227,664 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-07-24 14:44 66,360 ----a-w c:\documents and settings\Owner\g2ax_customer_downloadhelper_win32_x86.exe
2008-09-10 13:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-12_12.32.06.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-12 18:10:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-25 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 185896]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-06 c:\windows\system32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-27 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 738968]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-07-30 94208]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-10 24633]
NetDisk Administrator.lnk - c:\program files\XiMeta\NetDisk\Admin.exe [2004-01-14 131167]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-09-06 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-20 07:06 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 LanScsiHelper;LanScsi Helper Service;"c:\program files\XiMeta\NetDisk\LDServ.exe" [2004-01-14 94305]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-07 47640]
R2 lpx;LPX Protocol;c:\windows\system32\DRIVERS\lpx.sys [2004-01-14 108032]
R3 lanscsibus;LANSCSI Bus Driver for NetDisk;c:\windows\system32\DRIVERS\lanscsibus.sys [2004-01-14 30336]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-04-17 12856]
S3 Tfssvdfacesm;Tfssvdfacesm; []
S3 Wdnsasiodd;Wdnsasiodd; []
S4 LMIRfsClientNP;LMIRfsClientNP; []
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
HKLM-Run-Hquxevoyoxa - c:\windows\Qranirakipejoxir.dll
HKLM-Run-Nhagebevaxiti - c:\windows\ugodonotudokawas.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://thesac.athleticsite.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 13:10:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SanDisk\Sansa Updater\SansaSvr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-12 13:15:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-12 18:15:26
ComboFix2.txt 2008-12-12 17:32:36

Pre-Run: 20,803,764,224 bytes free
Post-Run: 20,794,654,720 bytes free

210 --- E O F --- 2008-12-12 08:03:04

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 6:22 pm

more_horiz
Hello.
Looks good now, what problems remain?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Guard 2008 DXwU4
Spyware Guard 2008 VvYDg

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 6:23 pm

more_horiz
Everything seems good. Thank you very much for your help

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 6:25 pm

more_horiz
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware Guard 2008 DXwU4
Spyware Guard 2008 VvYDg

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200812th December 2008, 6:47 pm

more_horiz
Here is the log you requested. Thanks for the tip on the Java.

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Dec 12 13:46:26 2008

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 200815th January 2009, 8:31 am

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................

Please be a GeekPolice fan on Facebook!

Spyware Guard 2008 Lambo-11

Have we helped you? Help us! | Doctor by day, ninja by night.

descriptionSpyware Guard 2008 EmptyRe: Spyware Guard 2008

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum