
Thread: HiJack this Log(Resolved)

  1. #1
    Join Date
    Jan 2007
    Posts
    22

    HiJack this Log(Resolved)

    I need help interpreting my HJT log. Please tell me what is safe to remove and what I should keep. Thank you.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:48:32 PM, on 2/26/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\AnalyzeThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.rd.yahoo.com/p/hpq/desk/*h....hpq.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172519090245
    O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\fppq0375e.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Before we give any fixes with HJT it is absolutely necessary to follow all of the clean up steps given in this link
    HJT is not a cleaning tool essentially; it is a scanning and locator tool. Most bad items noted by the HJT scan require other cleaning steps; just fixing them with HJT doesn't fix the underlying problem. Once you have completed all the steps in the above link, then run a NEW HJT scan and post it back here along with other logs resulting from AVG Anti-spy, online scans and items found by other anti-spy programs which cannot be fixed. We will then go from there.
    Judy

    P.S. Was this HJT scan done in normal mode?

  3. #3
    Join Date
    Jan 2007
    Posts
    22
    Judy,
    Okay, I have updated Microsoft, ran scans with AVG antivirus, AVG antispyware, Adaware, Spybot SD, immunized with Spybot, installed/ran Spyware Blaster, used Trojan Hunter, and finally I ran HijackThis to see what was left. I followed the instructions that the link provided and I have done them all except a scan in safe mode, which I will do immediately and return here with a fresh HJT log.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Give me the AVG anti-spy log also.

    Okay, I have updated Microsoft, ran scans with AVG antivirus, AVG antispyware, Adaware, Spybot SD, immunized with Spybot, installed/ran Spyware Blaster, used Trojan Hunter, and finally I ran HijackThis to see what was left. I followed the instructions that the link provided and I have done them all except a scan in safe mode, which I will do immediately and return here
    Can you tell me exactly WHEN you did this scanning? I see no evidence of Trojan Hunter in your log. And how could you have done all of that within 30 minutes?

  5. #5
    Join Date
    Jan 2007
    Posts
    22
    Judy,
    I do have some experience with removing malware, although my Kung fu is not nearly as good as yours. That is how I got all of that done so quickly. I had a good idea of what to do already.

    I installed Trojan Hunter after the first HJT log, so you are correct it did not show up.

    I ran ATF cleaner and AVG in safe mode. AVG anti-virus did not find anything. System Restore is turned off because the link in your first post instructed me to do so.

    Here is the HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:57:23 PM, on 2/26/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\AnalyzeThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.rd.yahoo.com/p/hpq/desk/*h....hpq.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172519090245
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



    Here is AVG anti-spyware:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:13:32 PM 2/26/2007

    + Scan result:



    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036626.exe -> Downloader.Small.buy : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036676.exe -> Downloader.Small.buy : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036622.exe -> Downloader.Small.cam : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036642.exe -> Downloader.Small.cbd : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036627.exe -> Downloader.TSUpdate.o : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0032106.ocx -> Downloader.VB.ov : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036675.ocx -> Downloader.VB.ov : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP12\A0031686.exe -> Downloader.VB.ri : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP12\A0031708.exe -> Downloader.VB.ri : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP12\A0031739.exe -> Downloader.VB.ri : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0032105.exe -> Downloader.VB.ri : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP19\A0034333.exe -> Downloader.VB.ri : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036625.exe -> Downloader.VB.rl : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033131.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033135.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033139.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033143.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033147.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033151.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033155.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033159.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033163.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033167.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033171.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033207.exe -> Downloader.VB.sh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036619.exe -> Downloader.VB.vr : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036674.exe -> Downloader.VB.vr : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036679.exe -> Downloader.VB.vv : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036618.exe -> Downloader.VB.ya : Marked for delete on rebootUnkown Error
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KXAN012F\keyboard1[1].exe -> Downloader.VB.ys : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036684.exe -> Downloader.VB.ys : Marked for delete on rebootUnkown Error
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5IJ8LAN\director_install[1].exe -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5IJ8LAN\drdata[1].avi -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ34HI7\director_install[1].exe -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ34HI7\drdata[1].avi -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP12\A0031687.exe -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP19\A0034336.exe -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036686.exe -> Dropper.Agent.aac : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036771.exe -> Dropper.Small.qn : Marked for delete on rebootUnkown Error
    C:\WINDOWS\newfrn.exe -> Hijacker.Small : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0033328.dll -> Hijacker.Small.jf : Marked for delete on rebootUnkown Error
    C:\WINDOWS\system32\DH9013.exe -> Hijacker.Small.jf : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036682.exe -> Hijacker.StartPage.ahg : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036683.exe -> Hijacker.StartPage.ahg : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036631.exe -> Hijacker.VB.kc : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036680.exe -> Hijacker.VB.kc : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036681.exe -> Hijacker.VB.kc : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP27\A0036476.exe -> Hijacker.VB.li : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036641.exe -> Logger.VB.eh : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP15\A0033252.exe -> Trojan.Delf.og : Marked for delete on rebootUnkown Error
    C:\Program Files\Common Files\VCClient\VCUpdate.exe -> Trojan.Download.h : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036624.exe -> Trojan.LowZones.c : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP28\A0036770.exe/low.exe -> Trojan.LowZones.c : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033129.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033133.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033137.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033141.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033145.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033149.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033153.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033157.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033161.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033165.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033169.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP14\A0033205.exe -> Trojan.LowZones.g : Marked for delete on rebootUnkown Error
    C:\WINDOWS\teller2.chk -> Trojan.Small : Marked for delete on rebootUnkown Error


    ::Report end

    I know that most likely I will have to turn System Restore back on and scan with AVG Anti-Spyware again. Thank you for your help, Judy.

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    System Restore is turned off because the link in your first post instructed me to do so.
    Whoops!
    Here is what the link actually says....
    "You will need to flush your restore points AFTER the fixing process has been completed to ensure that no malware is preserved. This is done by disabling and then re-enabling System Restore as per the above link."

    Let me go through your log and I will be back ASAP. By the way, did you reboot AFTER doing the AVG scan? If you haven't, can you do so now please, then run a new AVG scan and post me that new log?

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Your operating system is way out of date, you should have XP SP2. Can I ask, why you have so few items running at Start Up? I know, that is odd to ask but normally I am saying to somebody..."why do you have all these unnecessary start up items?"
    What are you using for a firewall?

  8. #8
    Join Date
    Jan 2007
    Posts
    22
    Judy,
    Windows updates were done before anything else and we were told that the system is up to date. Sounds like I need to go back to Microsoft and keep updating?

    So few items on start up? Well, I am not the first person to try fixing this computer. Other people have disabled this or that, but there are no Windows errors so I did not worry about it.

    Firewall is the standard that windows uses but I am thinking about using Zone Alarm because I use it at home and it does pretty good.

    Here is my new AVG log:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:46:08 PM 2/26/2007

    + Scan result:



    C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned.


    ::Report end

    This scan is with System Restore on.

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You do need to update to XP SP2, this system only has SP 1 on it.
    I think that things look pretty good. Are you satisfied that all is running as it should be?
    You can continue to run the Windows Firewall, I do and am satisfied with it. I also have SpywareBlaster on my system and have its Restricted sites enabled, I Immunize with Spybot also, but that is it. I have my anti-virus running all the time, Windows Firewall and that is it. I scan weekly with Spybot and AdAwareSE, every few weeks with AVG Anti-spy and that is it.
    Here are comments from a fellow I respect on another forum concerning the Windows Firewall, I have run nothing but for well over two years and have had no problems whatsoever...here is what he has to say..

    Windows Firewall blocks only incoming stuff whereas third-party firewalls (such as Zonealarm and Sygate) block both incoming and outgoing stuff. This means that were you to inadvertently allow a trojan to be installed, WF would not prevent it from calling home with whatever information it had managed to harvest from your computer (passwords, monitored keystrokes, etc, etc). So, in theory, a third-party utility will offer a greater level of security than WF. However ...

    ... simply adopting safe surfing practices (not downloading applications from warez sites or via file-sharing utilities, not installing no-cost applications from little-known developers, etc, etc, etc) and running a good antivirus utility should be sufficient to prevent any trojans or other unwanted items from finding their way onto your computer and so a bi-directional firewall is, IMO, of less importance than many people seem to think.

    Furthermore, look back over old threads and you'll find few (if any) instances of a person being "stung" as a result of using WF - but you'll find significantly more threads relating to problems caused by the use of a third-party firewall (botched updates, etc).

    There is, however, no "one size fits all" answer here. Should you use your computer for online banking/shopping and should it be shared with file-sharing children, then it might not be a bad idea to install a third-party firewall. OTOH, if you trust the other users to surf sensibly, then WF is probably perfectly sufficient for your needs.

  10. #10
    Join Date
    Jan 2007
    Posts
    22
    Judy,
    Thank you yet again.

    The computer is working much better.




    ---fishingaddictsinc
