Laugesen
2013-06-07, 20:34
(Apologies if this is redundant to other posts, several of which I have read)
1. Using the current Spybot download I noted the log indicated several entries "Unable to store downloaded update information". Should I be concerned?
2. In any case, I ran a quick scan and then for thoroughness a deep scan. As other threads relate, my scan also found numerous "unknown ADS" and "no admin In ACL", most of which I suspect are harmless. But how to really know? Here is the log of the deep scan (evidently, since another log is labeled "quick scan" and detected no hidden files):
info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml: 0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\Scanned Documents\Image.jpg: 3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\Scanned Documents\Welcome Scan.jpg: 3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\My Kindle Content\Aesops-Fables.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\My Kindle Content\Pride-and-Prejudice.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\My Kindle Content\Treasure-Island.azw:uidStream:$DATA"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Roaming\Dance"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF237539BAD05437B9.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF2CF089CEA0B3166D.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF3AB340086BA708BD.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF685A3CA25757A081.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF8C1326D0DF88C477.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF94FD956426C2A55C.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DFA36E38CF1EB038AA.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DFDE4169BBFFA5B407.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DFF96E531FA9BE4898.TMP"
File:"No admin in ACL","C:\ProgramData\Desktop Pictures"
File:"No admin in ACL","C:\ProgramData\DirectoryService"
File:"No admin in ACL","C:\ProgramData\PKP_DLdw.DAT"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configee.stn"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxeu.xxb"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_1.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_2.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_4.txt"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\4cf6fa99f6fa828e.dat:66953f6e-68cb-4364-bfab-2a3f7467e05d:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\c8e09fd9e09fcbd6.dat:94c81a2a-1946-416f-9c6d-b32d0ad6720a:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\c8e09fd9e09fcbd6.dat:f0293248-5c94-4931-9ab6-7f2d2dfcf723:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\dc6ac3fd6ac3d306.dat:8592fc7d-2134-4176-840d-2811329c0124:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fa2001c02001853b.dat:014f0012-4404-494e-a6bc-f224d933fa3f:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fa8667cd866788c9.dat:502cb465-6cd0-4243-99af-861307014b44:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fa8667cd866788c9.dat:f835ac59-0910-4040-9912-6f3fb1d58a79:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fc5e74c55e747a6a.dat:032f3233-5bbf-410b-bc41-ef499bb60c4d:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fc5e74c55e747a6a.dat:121f9e6c-949d-4c04-bd17-bd1606806b5c:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\LAUGESENLAPTOP_20111122-000001\report.xml: Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
3. Here's another log, in part, concluding "fixing failed"--that can't be good?
Report generated: 2013-06-01 11:37 ---
7FaSSt: [SBI $A356ED68] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE}
7FaSSt: [SBI $A356ED68] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE}
7FaSSt: [SBI $4898F94D] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
7FaSSt: [SBI $4898F94D] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
7FaSSt: [SBI $B5EF44C2] IE toolbar (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
3. I downloaded the latest Spybot and ran the scans because it seems prudent to do, but primarily because I downloaded a browser backup program which installed a nuisance search tool bar, "Snap.do", which I cannot seem to block or remove, despite using Control Center to uninstall. Searching Spybot forums, I did see a relevant post by "Sandra" of "Team Spybot" on 4/19/13, wherein she instructed to "open the SDCleaner.exe". Where exactly is that file?
THANK YOU!
1. Using the current Spybot download I noted the log indicated several entries "Unable to store downloaded update information". Should I be concerned?
2. In any case, I ran a quick scan and then for thoroughness a deep scan. As other threads relate, my scan also found numerous "unknown ADS" and "no admin In ACL", most of which I suspect are harmless. But how to really know? Here is the log of the deep scan (evidently, since another log is labeled "quick scan" and detected no hidden files):
info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml: 0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\Scanned Documents\Image.jpg: 3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\Scanned Documents\Welcome Scan.jpg: 3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\My Kindle Content\Aesops-Fables.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\My Kindle Content\Pride-and-Prejudice.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Laugesen\Documents\My Kindle Content\Treasure-Island.azw:uidStream:$DATA"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Roaming\Dance"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF237539BAD05437B9.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF2CF089CEA0B3166D.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF3AB340086BA708BD.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF685A3CA25757A081.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF8C1326D0DF88C477.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DF94FD956426C2A55C.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DFA36E38CF1EB038AA.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DFDE4169BBFFA5B407.TMP"
File:"No admin in ACL","C:\Users\Laugesen\AppData\Local\Temp\~DFF96E531FA9BE4898.TMP"
File:"No admin in ACL","C:\ProgramData\Desktop Pictures"
File:"No admin in ACL","C:\ProgramData\DirectoryService"
File:"No admin in ACL","C:\ProgramData\PKP_DLdw.DAT"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configee.stn"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxeu.xxb"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_1.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_2.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_4.txt"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\4cf6fa99f6fa828e.dat:66953f6e-68cb-4364-bfab-2a3f7467e05d:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\c8e09fd9e09fcbd6.dat:94c81a2a-1946-416f-9c6d-b32d0ad6720a:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\c8e09fd9e09fcbd6.dat:f0293248-5c94-4931-9ab6-7f2d2dfcf723:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\dc6ac3fd6ac3d306.dat:8592fc7d-2134-4176-840d-2811329c0124:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fa2001c02001853b.dat:014f0012-4404-494e-a6bc-f224d933fa3f:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fa8667cd866788c9.dat:502cb465-6cd0-4243-99af-861307014b44:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fa8667cd866788c9.dat:f835ac59-0910-4040-9912-6f3fb1d58a79:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fc5e74c55e747a6a.dat:032f3233-5bbf-410b-bc41-ef499bb60c4d:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\chjw\fc5e74c55e747a6a.dat:121f9e6c-949d-4c04-bd17-bd1606806b5c:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\LAUGESENLAPTOP_20111122-000001\report.xml: Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
3. Here's another log, in part, concluding "fixing failed"--that can't be good?
Report generated: 2013-06-01 11:37 ---
7FaSSt: [SBI $A356ED68] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE}
7FaSSt: [SBI $A356ED68] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE}
7FaSSt: [SBI $4898F94D] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
7FaSSt: [SBI $4898F94D] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
7FaSSt: [SBI $B5EF44C2] IE toolbar (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
3. I downloaded the latest Spybot and ran the scans because it seems prudent to do, but primarily because I downloaded a browser backup program which installed a nuisance search tool bar, "Snap.do", which I cannot seem to block or remove, despite using Control Center to uninstall. Searching Spybot forums, I did see a relevant post by "Sandra" of "Team Spybot" on 4/19/13, wherein she instructed to "open the SDCleaner.exe". Where exactly is that file?
THANK YOU!