
ActiveX not initialized

Discussion in 'Malware and Virus Removal Archive' started by Goatgirl, 2005/09/12.

  1. 2005/09/30
    charlesvar

    charlesvar Inactive Alumni

    Hi Susan,

    Were you able to get rid of the files you couldn't delete?

    Regards - Charles
     
  2. 2005/09/30
    Goatgirl

    Goatgirl Inactive Thread Starter

    No, not yet. :rolleyes: But I was able to download all the Windows updates, so I am now running the cleaning tools again to see if that helps.
    Thanks,
    Susan :)
     

  4. 2005/10/01
    Goatgirl

    Goatgirl Inactive Thread Starter

    new HJT Log

    Hi, I have made so much progress I thought I should share a new HJT log. I finally got Housecalls to run the whole way and deleted 16 trojans WOW!!! :eek:
    So now I am able to move about fairly quickly and I am not so worried. :p
    So... Can you check my new HJT Log?
    Thanks a bunch,
    Susan

    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:09 PM, on 9/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\X3watch\x3watch.exe
    C:\WINDOWS\System32\cmprops3.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\??chost.exe
    C:\Program Files\ahad\ubae.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\StarOffice6.0\program\soffice.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Documents and Settings\admin\My Documents\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:83
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {149FED42-03DE-5E25-D58F-5A404FECFD93} - C:\WINDOWS\System32\gvcvpkim.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: (no name) - {ADB8BC48-58D7-5026-DC6F-04C5377A479F} - C:\WINDOWS\System32\epmc.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [pyW] C:\documents and settings\admin\local settings\temp\pyW.exe
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [8b1d7d4f4420] C:\WINDOWS\System32\cmprops3.exe
    O4 - HKLM\..\Run: [cae3c3415538] C:\WINDOWS\System32\cnbjmon9.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Urhtwtz] C:\WINDOWS\System32\??chost.exe
    O4 - HKCU\..\Run: [Utoc] C:\Program Files\ahad\ubae.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://housecall.trendmicro.com
    O15 - Trusted Zone: http://housecall60.trendmicro.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128115043109
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)

    :)
     
  5. 2005/10/01
    noahdfear

    noahdfear Inactive

    Please download Ewido security suite; it is a free version of the program.
    1. Install Ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch Ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run Ewido for the first time, you may get a warning "Database could not be found! ". Click OK. We will fix this in a moment.
    6. You will need to update Ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful ")
    If you are having problems with the updater, you can use this link to manually update Ewido.
    Ewido manual updates

    Close Ewido for now.

    Click start then run and type services.msc, then hit enter. Locate Microsoft SSL, right click and choose properties. Stop the service, then set startup type to disabled. Click Apply then OK. Close the services window.

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O2 - BHO: (no name) - {149FED42-03DE-5E25-D58F-5A404FECFD93} - C:\WINDOWS\System32\gvcvpkim.dll (file missing)
    O2 - BHO: (no name) - {ADB8BC48-58D7-5026-DC6F-04C5377A479F} - C:\WINDOWS\System32\epmc.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [pyW] C:\documents and settings\admin\local settings\temp\pyW.exe
    O4 - HKLM\..\Run: [8b1d7d4f4420] C:\WINDOWS\System32\cmprops3.exe
    O4 - HKLM\..\Run: [cae3c3415538] C:\WINDOWS\System32\cnbjmon9.exe
    O4 - HKCU\..\Run: [Urhtwtz] C:\WINDOWS\System32\??chost.exe
    O4 - HKCU\..\Run: [Utoc] C:\Program Files\ahad\ubae.exe
    O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)


    Reboot to safe mode.

    Open HijackThis to the misc tools section. Click the Delete an NT Service button. Type in ssl and click OK. You should get a succeeded message. Close HijackThis.

    Enable viewing of hidden files and folders. Locate and delete the following files.

    C:\WINDOWS\System32\cmprops3.exe
    C:\WINDOWS\System32\cnbjmon9.exe
    C:\WINDOWS\System32\ssl.exe

    You should have two of the following files.

    C:\WINDOWS\System32\svchost.exe

    One of them is rogue. Check the properties of each to see if you can determine which is the real MS file and delete the rogue. If unsure, do nothing with it (them) and let me know.


    Delete the following folder in Program Files.

    C:\Program Files\ahad

    Open C:\documents and settings\admin\local settings\temp, select all and delete.
    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Close Internet Options. Then, still in the control panel, open the Java Plug-in, click the cache tab and then clear.
    Open Add/Remove Programs and uninstall all Sun Java.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.


    1. Open Ewido and click on scanner
    2. Click on Complete System Scan and the scan will begin.
    3. While the scan is in progress you will be prompted to clean files, click OK
    4. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    5. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    6. Click Save report.
    7. Save the report .txt file to your desktop.

    Now close Ewido security suite.

    Reboot to normal mode and go to the Sun Java Website and update your JRE. Current is 1.4.2_09

    Scan the pc with Panda ActiveScan. When complete, click Save Report and post the contents of that log, along with the log from Ewido and a new HJT log.
     
  6. 2005/10/11
    Goatgirl

    Goatgirl Inactive Thread Starter

    Well, I did for the most part what you said. All the way to deleting the ssl.exe file; there wasn't one. Nor were there 2 svchost.exe.
    Then I had an error that I could not compress old files, no matter what I clicked or didn't click.
    I did everything after that and here is what I got.

    HJT Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:20:59 PM, on 10/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\X3watch\x3watch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\StarOffice6.0\program\soffice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido\security suite\SecuritySuite.exe
    C:\Documents and Settings\admin\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:83
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [8b1d7d4f4420] C:\WINDOWS\System32\cmprops3.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://housecall.trendmicro.com
    O15 - Trusted Zone: http://housecall60.trendmicro.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128115043109
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

    Ewido report:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 2:15:29 PM, 10/11/2005
    + Report-Checksum: 1CF19026

    + Scan result:

    C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047211.exe -> Spyware.AdSrve : Cleaned with backup
    C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047212.exe -> Spyware.AdSrve : Cleaned with backup
    C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047213.exe -> Spyware.VB : Cleaned with backup
    C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047214.exe -> Spyware.Downloadware : Cleaned with backup
    C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047215.exe -> Spyware.UrlSpy : Cleaned with backup
    C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047216.exe -> Spyware.UrlSpy : Cleaned with backup


    ::Report End


    And Panda Activescan:

    Incident Status Location

    Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP706\A0047188.exe
    Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047208.exe
    Adware:Adware/IEDriver No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047211.exe
    Adware:Adware/IEDriver No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047212.exe
    Adware:Adware/IEDriver No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047213.exe
    Adware:Adware/Look2Me No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047214.exe
    Spyware:Spyware/UrlSpy No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047215.exe
    Spyware:Spyware/UrlSpy No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP707\A0047216.exe
    Adware:Adware/Comet No disinfected C:\System Volume Information\_restore{286248A0-7170-4807-BEA1-C3F56A7CF7CF}\RP679\A0044931.inf
    Adware:Adware Program No disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
    Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
    Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\basesrv0.exe
    Thanks,
    Susan
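
The triage carried out across this thread (choosing entries to fix from the first HijackThis log, then checking the follow-up log for leftovers), as an added Python example that is not part of any post. The rules are illustrative assumptions of this example, not HijackThis logic or the helper's stated reasoning, and the sample lines are excerpted from the two logs above.

```python
import re

# Sample input: a few lines excerpted from the first (BEFORE) and
# follow-up (AFTER) HijackThis logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {149FED42-03DE-5E25-D58F-5A404FECFD93} - C:\WINDOWS\System32\gvcvpkim.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pyW] C:\documents and settings\admin\local settings\temp\pyW.exe
O4 - HKLM\..\Run: [8b1d7d4f4420] C:\WINDOWS\System32\cmprops3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Urhtwtz] C:\WINDOWS\System32\??chost.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [8b1d7d4f4420] C:\WINDOWS\System32\cmprops3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
HEX_RUN_NAME = re.compile(r"Run: \[[0-9a-f]{12}\]")
FILE_SECTIONS = ("O2", "O4", "O23")  # sections whose entries end in a file path

# Triage hints only (assumptions of this example); a hit means "look closer",
# not "malicious". Each rule is (reason, predicate(code, body)).
RULES = [
    ("file missing", lambda c, b: b.endswith("(file missing)")),
    ("unknown service owner", lambda c, b: c == "O23" and "Unknown owner" in b),
    ("runs from a temp directory", lambda c, b: c == "O4" and "\\temp\\" in b.lower()),
    ("unrenderable characters in file name",
     lambda c, b: c in FILE_SECTIONS and "?" in b.rsplit("\\", 1)[-1]),
    ("random-looking hex Run name", lambda c, b: bool(HEX_RUN_NAME.search(b))),
]


def parse(log):
    """Return a (code, body) tuple for every entry line in a HijackThis log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Map each entry that trips at least one rule to the list of reasons."""
    flagged = {}
    for code, body in parse(log):
        reasons = [reason for reason, test in RULES if test(code, body)]
        if reasons:
            flagged[f"{code} - {body}"] = reasons
    return flagged


def persisting(before, after):
    """Entries flagged in the first log that still appear in the follow-up log."""
    remaining = {f"{code} - {body}" for code, body in parse(after)}
    return [line for line in triage(before) if line in remaining]


if __name__ == "__main__":
    for line, reasons in triage(BEFORE).items():
        print(f"[{', '.join(reasons)}] {line}")
    print("still present after cleanup:", persisting(BEFORE, AFTER))
```

Run on the excerpts, the only flagged entry that survives into the follow-up log is the `[8b1d7d4f4420]` Run value, which is the kind of leftover a second pass should recheck.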
     
