Popups & Command Service

[Darkgecko]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:34:43 PM 11/4/2006

+ Scan result:



C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP127\A0010017.dll -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0015344.dll -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP151\A0025082.dll -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0033602.dll -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049971.dll -> Adware.CommAd : Ignored.
C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\asappsrv.dll -> Adware.CommAd : Ignored.
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\Dxc.exe -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\DxcBho.dll -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\DxcCore.dll -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\FEF45133A5864983AD0D84EB5FC860CD -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\.DEFAULT\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\.DEFAULT\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-18\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-18\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP126\A0008793.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP129\A0011037.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP129\A0012423.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP130\A0014137.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014292.dll -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP132\A0016036.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP132\A0016197.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP132\A0017421.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP132\A0017591.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP133\A0019072.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP137\A0020155.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020604.dll -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020641.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020643.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020716.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0022176.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0022369.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0022371.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP141\A0024286.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP148\A0024483.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP148\A0024485.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027311.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030481.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032203.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034930.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035798.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039680.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039690.dll -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042010.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042013.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048594.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048597.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP207\A0050940.dll -> Adware.Mirar : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP207\A0050950.dll -> Adware.Mirar : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050577.dll -> Adware.PurityScan : Ignored.
C:\hijackthis\backups\backup-20061104-212217-892.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034918.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP171\A0035354.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050522.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050929.exe -> Adware.SaveNow : Ignored.
C:\Program Files\Deskbar -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014293.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP146\A0024450.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP152\A0027165.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027266.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030182.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0030745.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032189.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039677.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039691.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041023.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP186\A0041743.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042009.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP191\A0043329.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043770.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP196\A0044083.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP197\A0044160.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP197\A0044161.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044237.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048593.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049969.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050359.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050367.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050418.dll -> Adware.Softomate : Ignored.
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP191\A0043333.exe -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043657.exe -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044243.exe -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050028.exe -> Adware.SurfSide : Ignored.
C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[260] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[308] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[320] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[484] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[556] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[616] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[828] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
C:\Program Files\Common Files\rukr\rukrd\rukrc.dll -> Adware.TargetServer : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP127\A0009113.exe/empty_00000001 -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014299.exe/IUCMORE.DLL -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014299.exe/UCMTSAIE.DLL -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014299.exe/empty_00000001 -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014301.dll -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014307.dll -> Adware.Ucmore : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014296.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP137\A0020143.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP137\A0020156.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020607.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020608.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0022177.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP141\A0023465.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP145\A0024445.exe -> Downloader.Adload.di : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP146\A0024453.exe -> Downloader.Adload.di : Ignored.
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a43.exe -> Downloader.Adload.fu : Ignored.
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a44.exe -> Downloader.Adload.fu : Ignored.
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a45.exe -> Downloader.Adload.fu : Ignored.
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a46.exe -> Downloader.Adload.fu : Ignored.
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a48.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP137\A0020153.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020715.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0022174.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP141\A0024288.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027313.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027314.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027315.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027316.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027317.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030475.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030476.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030477.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030483.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030484.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0032182.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0032183.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0032184.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032204.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032205.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032206.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032207.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032208.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032209.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP156\A0033995.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP156\A0033996.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP156\A0033997.exe -> Downloader.Adload.fu : Ignored.

 

[Darkgecko]

C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP157\A0034402.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP157\A0034403.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP157\A0034404.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP162\A0034882.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP162\A0034883.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP162\A0034884.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034924.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034925.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034926.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034927.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034928.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034929.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035786.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035787.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035788.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035795.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035796.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035797.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP173\A0036176.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP173\A0036177.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP173\A0036178.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP177\A0036612.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP177\A0036613.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP177\A0036614.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0038662.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0038663.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0038664.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039674.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039675.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039676.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039799.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039800.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039801.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP186\A0041762.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042006.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042007.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042008.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042011.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042012.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042014.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042020.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042021.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042027.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042034.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0042046.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043765.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043766.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044579.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044580.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048292.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048293.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048294.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048295.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048590.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048591.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048592.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048595.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048596.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048598.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048604.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048605.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048611.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048618.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048631.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050355.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050356.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050357.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050358.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050360.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050496.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050497.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050498.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050499.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050500.exe -> Downloader.Adload.fu : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP126\A0008267.exe -> Downloader.Adload.gt : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP127\A0009111.exe -> Downloader.Adload.gt : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP130\A0013062.exe -> Downloader.Adload.gt : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027245.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027310.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0029069.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030096.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030178.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030480.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0030750.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0030755.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032192.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032193.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP156\A0033998.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP157\A0034006.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP158\A0034416.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035792.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP173\A0035839.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP178\A0038241.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0038323.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039678.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039679.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039694.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039695.exe -> Downloader.Adload.hg : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP183\A0040502.exe -> Downloader.Adload.hr : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP183\A0040634.exe -> Downloader.Adload.hr : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041026.exe -> Downloader.Adload.hr : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041027.exe -> Downloader.Adload.hr : Ignored.
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/drsmartload.exe -> Downloader.Adload.ht : Ignored.
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\FRBNF2UI\drsmartload[2].exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP201\A0044601.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0048296.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049828.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049967.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050361.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050370.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050493.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050927.exe -> Downloader.Adload.ht : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP186\A0041746.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP186\A0041747.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP191\A0043332.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043757.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043767.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP196\A0044084.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP197\A0044158.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP197\A0044164.exe -> Downloader.Adload.nad : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044238.exe -> Downloader.Adload.nad : Ignored.

 

[Darkgecko]

C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044239.exe -> Downloader.Adload.nad : Ignored.
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\7TVH0K2M\ac3[1].txt -> Downloader.Agent.awb : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP207\A0050942.dll -> Downloader.Agent.awb : Ignored.
C:\WINDOWS\system32\grsb21ae.dll_tobedeleted -> Downloader.Agent.awb : Ignored.
C:\WINDOWS\ΑppPatch\logonui.exe -> Downloader.PurityScan.cl : Ignored.
C:\WINDOWS\ΑppPatch\ΑppPatch\!update-4220.0000 -> Downloader.PurityScan.da : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP196\A0044082.dll -> Downloader.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP207\A0050943.dll -> Downloader.Small : Ignored.
C:\WINDOWS\system32\w001f008.dll_tobedeleted -> Downloader.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041039.exe -> Downloader.Small.ajc : Ignored.
C:\Program Files\WindowsUpdate\hocew.dll -> Downloader.Small.ctp : Ignored.
C:\Program Files\Common Files\rukr\rukrd\vocabulary -> Downloader.TSUpdate.j : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP146\A0024452.exe -> Downloader.VB.afl : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP196\A0044088.exe -> Dropper.VB.mz : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044246.exe -> Dropper.VB.mz : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP126\A0008273.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP127\A0009973.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041111.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041446.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP187\A0043222.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP188\A0043240.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043791.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044282.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049780.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0050055.exe -> Hijacker.Small : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050495.exe -> Hijacker.Small : Ignored.
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\FRBNF2UI\wallpap[1].exe -> Hijacker.Small.jf : Ignored.
C:\Program Files\MSN Gaming Zone\kykekobyz.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\MSN\hohyh.html -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP126\A0008288.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP127\A0009974.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP128\A0010153.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP129\A0010596.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP129\A0011988.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP130\A0013588.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP130\A0013692.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0015337.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0015383.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP132\A0015758.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP132\A0017141.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP133\A0018774.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP133\A0018975.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP136\A0019110.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP137\A0020181.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0023093.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP143\A0024426.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0027261.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP153\A0030202.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0031853.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP154\A0031885.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0033585.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP156\A0033698.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP157\A0034128.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP162\A0034597.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP165\A0034950.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP171\A0035375.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035488.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP173\A0035886.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP177\A0036332.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0038362.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039398.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP184\A0040735.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041038.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP195\A0043792.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP200\A0044283.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049781.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP205\A0049838.exe -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP131\A0014295.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP134\A0019077.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP137\A0020146.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP138\A0020606.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP140\A0022163.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP141\A0023464.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP155\A0032191.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP158\A0034415.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP172\A0035801.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP173\A0035838.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP180\A0039682.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP181\A0039693.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP183\A0040653.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP185\A0041025.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP186\A0041745.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP191\A0043331.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050369.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050557.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP206\A0050670.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP207\A0050945.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.


::Report end



I notice they all say 'ignored' I was expecting them to say 'quarantined' as that was the option that I selected, but I wasn't watching the program when it finished.

 

[pskelley]

Exactly the question I was going to ask you. Most of this junk is in System Restore and we will clean that out before we finish. Just do not use System Restore or the junk will be back on the computer.

I can't proceed until I know the stuff not in System Restore was quarantined or deleted. I need this information and know of no way to get it without running AVG again.

Before you run it do this:
MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

That will get rid of the C:\System Volume Information\_restore in the AVG log.
I really can't proceed until I know what AVG has removed and I see a HJT log after it has removed the junk.

Thanks

 

[pskelley]

Please make sure all instructions are followed exactly and post to let me know if you have a problem with the instructions:

Download and install the trial version of AVG Anti-Spyware.

The program should launch automatically after installation. If not, double-click the desktop icon.

Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

Update AVG's Definitions

- AVG automatically updates the spyware definitions if you are connected to the net during installation.
- As a precaution, click the "Update" icon from the main menu.
- Then click the "Start Update" button.
- When you receive the "Update successful" prompt, close AVG.
- Note: If you have any problems with the updater, you can Update AVG Manually.

Restart your computer in Safe Mode
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
- Select the first option, to run Windows in Safe Mode.
- Further instructions on Safe Mode can be found here.

Scanning with AVG Anti-Spyware

- Open AVG Anti-Spyware and click the "Scanner" icon from the main menu.
- Click "Complete System Scan" to start scanning.
- When the scan completes, click "Recommended action" beneath the results window and select Quarantine.
- Then click the "Apply all actions" button to quarantine everything detected.
- Then click Save report > Save report as and save the Report-Scan.txt to your desktop. `

Close AVG Anti-Spyware and restart your machine to complete the removal process.

Thanks

 

[Darkgecko]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:14:44 AM 11/5/2006

+ Scan result:



C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications\FEF45133A5864983AD0D84EB5FC860CD -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\hijackthis\backups\backup-20061104-212217-892.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\Cache -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\about.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\options.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP3\A0000044.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\deskbar.exe -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
HKU\S-1-5-21-1659004503-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1659004503-854245398-725345543-1004\Dc2.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP3\A0000303.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Common Files\rukr\rukrd\rukrc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a43.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a44.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a45.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a46.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/mc44a48.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP3\A0000039.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y05ZL5UU\drsmartload44a[1].exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a48.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Desktop\SDFix\backups\backups.zip/backups/drsmartload.exe -> Downloader.Adload.ht : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\FRBNF2UI\drsmartload[2].exe -> Downloader.Adload.ht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP3\A0000041.exe -> Downloader.Adload.ht : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y05ZL5UU\drsmartload[1].exe -> Downloader.Adload.ht : Cleaned with backup (quarantined).
C:\drsmartload.exe -> Downloader.Adload.ht : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\7TVH0K2M\ac3[1].txt -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\grsb21ae.dll_tobedeleted -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\ΑppPatch\logonui.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\WINDOWS\ΑppPatch\ΑppPatch\!update-4220.0000 -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w001f008.dll_tobedeleted -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\WindowsUpdate\hocew.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Program Files\Common Files\rukr\rukrd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP3\A0000030.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1Z3CF6ZO\v1201[1].exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\v1201.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\FRBNF2UI\wallpap[1].exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN Gaming Zone\kykekobyz.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN\hohyh.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UY171DXK\wallpap[1].exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2FD29C4C-5495-4BC7-81AD-F21CD9F73203}\RP3\A0000275.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Cookies\monica@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.


::Report end

 

[Darkgecko]

Logfile of HijackThis v1.99.1
Scan saved at 8:27:01 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [grsb21ae] RUNDLL32.EXE w001f008.dll,n 006b21a80000000a001f008
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160811155375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160813055828
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

[Darkgecko]

I'm not currently getting any popups. I wasn't sure if I was supposed to turn Tea-Timer back on, but I went ahead and did it so my wife could use the computer, but I've left it off the net for now.

C:\WINDOWS\TW9uaWNhIEdyZWdvcnk doesnt exist, even though it shows up there in the HJT log :sad:

When I run SpyBot S&D it is still finding 'Network Monitor' and tries to shut it down, every time I run the program.

 

[pskelley]

I wasn't sure if I was supposed to turn Tea-Timer back on

No problem that you turned it on, but when you are running fixes of any kind, it will block those changes so turn it off. Looking at the log now, understand if the stuff is there, then we must find it and remove it. Please make sure you have followed all directions to enable all hidden files and folders.
http://www.bleepingcomputer.com/tutorials/tutorial62.html
Then you can use Search Companion to locate the files.
Start > Search > All Files and Folders
It can take time for Search Companion to do this, there are a lot of files for it to look at so be patient. Let's see what is left to do.

AVG Anti-Spyware <<< is this report run in Safe Mode? Did a good job, remember to delete the junk in that quarantine folder if you decide to keep the scanner.

Logfile of HijackThis v1.99.1 Scan saved at 8:27:01 AM, on 11/5/2006

We are making great progress, good job:bigthumb: Let's look at this item:

C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
CastleCops: Command Service (cmdService) X command.exe Adware

Try this first:
Open a command prompt (start run type cmd press enter) type
sc delete "cmdService"
press enter, type exit and press enter to exit the command prompt
(parenthesis must be there)

If that does not remove it, then I understand Ad-aware does, though reports of leftovers in the registry that Spybot picks up on have been occuring. I hear this has been fixed, so give it a try.
Here is a tutorial and the download like, it is a free program so DO NOT choose trials or paid for during the download. Once you have it installed, update and run it removing what it locates. It makes backups for you if needed.
http://www.bleepingcomputer.com/tutorials/tutorial48.html

Once that is done, then turn TeaTimer off and the Guard function in AVG Anti-Spyware:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe and do this:

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [grsb21ae] RUNDLL32.EXE w001f008.dll,n 006b21a80000000a001f008
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
(should be gone)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

(this folder should be gone, but look anyway and delete it if there, you should know where to find it by now)
C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\

(search for this file and delete it, should be in the System32 folder)
w001f008.dll

(Related to Deluxe Communications, search for it and delete it)
dxclib303562752.dll

Run the ATF-Cleaner and then restart the computer. Post a new HJT log, let me know about any problems.

Thanks...Phil

I suggest you turn Spybot off of the auto mode, run the program every week or so or after a heavy surfing day. Once you turn it off, then remove the line from your HJT log.
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart

 

[Darkgecko]

That AVG Scan was in safe mode, yes. After running Ad-Aware and making those fixes, I ran HJT. When I ticked those 2 lines you mentioned, and clicked Fix Checked, the following came up:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: dxclib303562752.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

I then rebooted, started the resident shield and tea timer, and ran HJT again.


Logfile of HijackThis v1.99.1
Scan saved at 1:25:44 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DC25841-9CD6-E455-80FB-B6693F8CDCB3} - (no file)
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160811155375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160813055828
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

[pskelley]

Thanks for the feedback, I have seen that error popup before, may be a glitch in HJT? The program has not been updated in a while.

Dead line, remove with HJT: O2 - BHO: (no name) - {6DC25841-9CD6-E455-80FB-B6693F8CDCB3} - (no file)

Try HJT on this one again:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
Here is what itt is: http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_POP.A
basic adware that says it is free but exacts a price in popups.

If you can't remove it with HJT, try this:
Internet Explorer > Tools > Options > Browsing History > Settings > View Objects. Try to Highlite and delete it from there.

TeaTimer will have to be turned off for the above. Beside that, this log looks clean, let's do this:
MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

If you need these instructions:
http://filext.com/info/showthread.php?t=27
http://filext.com/flash/restorepoint.htm
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsetup/html/winmesr.asp

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

I will suggest you consider this free program from microsoft, unless you should purchase AVG Anti-Spyware:
http://www.microsoft.com/downloads/...E7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en

I am not seeing an Antivirus program running and that is cyber-suicide going online without one. Here are three that are free and I lean towards AVG Free from Grisoft:
http://free.grisoft.com/freeweb.php
http://www.avast.com/eng/avast_4_home.html
http://www.free-av.com/

In the Control Panel > Security Center > all three items should be showing green and on.

Let's give it 24 hours then post to let me know of any issues.

Thanks...Phil

 

[Darkgecko]

So far so good, I'm using the windows defender, and the AVG Free Edition. AVG didnt like alot of things after I installed it, but after removing all the infected files, and reinstalling what was removed, it seems to be working fine.

Thanks for your help, I've learned alot during the process, which is as beneficial as fixing the computer was

 

[pskelley]

You are so welcome, glad things are running better. You also have IE-7 installed and that will give you some additional protection. Make sure you review the information from those experts. I will ask tashi to close your topic as soon as time permits.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

 

[tashi]

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Cheers.