Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

z1.adserver is the most anoying thing ever![RESOLVED]


  • This topic is locked This topic is locked

#1
death to z1.adserver

death to z1.adserver

    Member

  • Member
  • PipPip
  • 11 posts
Hi

I had some ads from z1.adserver.com before but it wasn't that bad so I just left it alone. Now I get one every minute and it's driving me completly insane! I did a search on it and it brought me here. So could anyone please help me and save my sanity (as far as that's possible).

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 17:07:23, on 05/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Ins3DT] D:\INSTALL4\INS3DT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitezez32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\netherlands.exe -N
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\netherlands.exe -N
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113312607421
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.n...cabs/cssweb.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A71EB1-DB38-44B0-A73D-25523C17A3FC}: NameServer = 62.45.45.45 62.45.46.46
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
  • 0

Advertisements


#2
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Hello death to z1.adserver and welcome to GeeksToGo. :tazz:

Step 1
Download this tool : LQfix.zip
Unzip it to your Desktop.
Don't use it yet!

IMPORTANT! Reboot the computer into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter').

Doubleclick LQfix.bat that you saved on your desktop before.
A dos window will open and close again, that is normal.


Step 2
While still in Safe Mode, open HijackThis, run a scan, then check the following:

O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\netherlands.exe -N
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\netherlands.exe -N
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab


With all other programs and browsers closed, click fix checked.


Step 3
Please set your computer to show all files.
  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Clear "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Show hidden files and folders."
  • Clear "Hide protected operating system files."
  • Click Apply, and then click OK.
You will need to reverse this process when all steps are done.


Step 4
Please delete the following file:

C:\WINDOWS\system32\netherlands.exe

Reboot normally now.


Step 5
I couldn't find any information on this file. Do you know what it is? Right click on the file and choose 'properties', than on the 'version' tab note what the "Company" and "Version" are.

D:\INSTALL4\INS3DT.EXE

If you still are unsure what this file is, please submit it to the following links for a scan.
http://www.kaspersky.com/scanforvirus
http://virusscan.jotti.org/


Step 6
Scan with HijackThis. Post the new log as a reply to this thread.
Please let us know of any complications you had and how the computer is behaving.
  • 0

#3
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks for the help my pc seems to have cleared up pretty well. I'm now an hour past following your instructions and I've seen no pop-ups or any warning of infection by a trojan. If anything comes up after all I'll post it. Now for the log:

Logfile of HijackThis v1.99.1
Scan saved at 17:06:16, on 05/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Ins3DT] D:\INSTALL4\INS3DT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113312607421
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.n...cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A71EB1-DB38-44B0-A73D-25523C17A3FC}: NameServer = 62.45.45.45 62.45.46.46
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Edit: I forgot about the file you asked me to check out. Well, if there was one. Turns out it's nowhere to be found. Pretty strange but as long as I don't get problems I'm nog worrying about it.

Edited by death to z1.adserver, 29 May 2005 - 10:59 AM.

  • 0

#4
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Step 1
Open HijackThis, run a scan, then check the following:

O4 - HKLM\..\Run: [Ins3DT] D:\INSTALL4\INS3DT.EXE

With all other programs and browsers closed, click fix checked.


Step 2
Click on this link http://www.downloads...org/KillBox.zip to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it.
Start Killbox and click on Tools < Delete Temp Files. When that finishes, copy and paste the following line into the Full Path of File to Delete box in Killbox, and click the red button with the white X on it.

D:\INSTALL4\INS3DT.EXE

If it tells you it either could not be found or could not be deleted, put a mark next to "Delete on Reboot". Copy and paste the file into the file name box, When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the YES button.
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.


Step 3
Scan with HijackThis. Post the new log as a reply to this thread.
Please let us know of any complications you had and how the computer is behaving.
  • 0

#5
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The killbox program told me te file couldn't be found and when I tried the ''delete on reboot'' option it gave me the "PendingFileRenameOperations Registry Data has been Removed by External Process!" message. There's nothing new so I'll just post the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:45:25, on 05/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113312607421
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.n...cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A71EB1-DB38-44B0-A73D-25523C17A3FC}: NameServer = 62.45.45.45 62.45.46.46
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
  • 0

#6
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Your new log appears clean. :tazz:

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK twice, and then click Yes when you are prompted to restart the computer.
4. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore'


I suggest that you get these programs to help keep the computer clean:

Spyware Blaster - Blocks bad ActiveX items from installing on your computer. Spyware Blaster runs silently in the background.
SpywareGuard - Real-time protection from spyware installation attempts
ie-spyad - Puts over 8,000 bad URLs into your restricted sites for Internet Explorer.
Google Toolbar - Blocks many unwanted pop-ups in Internet Explorer.
Firefox - 'Safer' alternative to the Internet Explorer web browser.

Here are three very good and free malware scanners:

Spybot Search and Destroy 1.3
AdAware SE v1.06
Set-up Instructions for Spybot S&D and Adaware SE
a² Free Trojan Remover

If you have them already, check to make sure that they are the newest version.

Update these regularly.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep Windows and your Anti-virus updated.
  • 0

#7
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks for the help I haven't seen a pop-up for days now :tazz: . I also had a trojan I thought was gone but it seems to be back. It's called troj_startpag.qy. Do you think that a² can remove it without it coming back?

Edit: Just thought I should add this. After following the instructions in your first post the trojan was gone for a little while so could it be I was a little too late with cleaning up the system restore?

Edited by death to z1.adserver, 30 May 2005 - 11:00 AM.

  • 0

#8
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Please run the scan with and reboot when done.
Post a fresh HijackThis log as a reply to this thread so I can see if anything new shows up. I'm off to work now so I'll check in later tonight.
  • 0

#9
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Two trojans were found by a² and are deleted. Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:30:02, on 05/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113312607421
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.n...cabs/cssweb.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
  • 0

#10
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Your new log still appears clean. Let's try another scan to see if anything is hiding on the computer.

Click here to download mwavscan.
  • Double-click it to run it.
  • Read then accept the agreement.
  • Check Drive, and select all local drives, scan all files, then press 'scan'. (This may take a while and will not fix anything)
  • Once it finds something, it will prompt you so click OK.
  • When it is completed, anything found will be displayed in the lower pane.
  • Highlight it, copy it (CTRL+C), and paste (CTRL+V) it in your next reply.

  • 0

Advertisements


#11
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dlmax Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP1.DIR\LMPRINT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08A60ACF-5B9E-489A-BED5-8DDDAA7211D6}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B7E6AA9-C4FA-4951-815B-4AFE39D81453}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D20508E-59B9-4602-9CF9-49387E9D9BEB}" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{471A13E6-8188-47F9-B35E-277DE04FF2E2}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E022A40-7CC4-4EBA-A143-8D5C3B8838DB}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB1D8565-40E9-4616-984D-98465687E82C}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD2069F5-4ECD-48E0-A478-2D0E34D6DC32}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B69003B3-C55E-4b48-836C-BC5946FC3B28}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBBFCB14-3B21-491c-9E2A-B0F3D50F83FD}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7F152AA-2FE1-4cfa-9838-6782BF85C929}" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D8CB10E7-601A-4176-B6B5-CEFA244D4DEA}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF66AFC9-C61D-404a-B535-64FBF91D420F}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3A3B1D9-5675-43c0-BF04-37BE11939FB7}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\2HJG9432\dir63665106[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\4P27CLQN\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\98CNHLK5\cnt[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\9JNVLPSE\a570a97b[1].js infected by "Trojan-Downloader.JS.WinAD.c" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\CPA30DY3\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\CPA30DY3\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\CPA30DY3\X100172nl[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\Q74XA9O7\free[1].htm infected by "Trojan.JS.Seeker-based" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\S5IBKXMB\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\Content.IE5\YJ8RQH87\wow[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\2HJG9432\dir63665106[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\4P27CLQN\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\98CNHLK5\cnt[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\9JNVLPSE\a570a97b[1].js infected by "Trojan-Downloader.JS.WinAD.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\CPA30DY3\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\CPA30DY3\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\CPA30DY3\X100172nl[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\Q74XA9O7\free[1].htm infected by "Trojan.JS.Seeker-based" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\S5IBKXMB\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\YJ8RQH87\wow[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\A4MDXXR3\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\MCYLLC0H\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\O36M2975\X100172nl[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\TCPE6GKU\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\TCPE6GKU\netherlands[2].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\100.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\101.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\102.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\13A.tmp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\14.tmp infected by "Trojan-Downloader.Win32.Small.xk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1F.tmp infected by "Trojan-Dropper.Win32.Small.nm" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2291.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2292.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2293.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2294.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2295.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22E9.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22EA.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22EB.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22EC.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22ED.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22F5.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22F6.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22F7.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22F8.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22F9.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22FA.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22FB.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22FC.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22FD.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22FE.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\22FF.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2300.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2301.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2302.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2303.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2304.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2305.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2306.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2307.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2308.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2309.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\230A.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\230B.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\230C.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\230D.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\230E.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\230F.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2310.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2311.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2312.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2313.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2314.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2315.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2316.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2317.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2318.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2319.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\231A.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\231B.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\231C.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\231D.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\231E.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\231F.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2320.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2321.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2322.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2323.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2324.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2325.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2326.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2327.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2328.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2329.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\232A.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\232B.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\232C.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\232D.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\232E.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\232F.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2330.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2331.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2332.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2333.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2334.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2335.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2336.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2337.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2338.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2339.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\233A.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\233D.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2340.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2341.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2344.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\27.tmp tagged as "not-a-virus:AdWare.DlMax.a". Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\28.tmp infected by "Trojan-Downloader.Win32.Stubby.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2B.tmp infected by "Trojan-Downloader.Win32.Small.xk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2C.tmp tagged as "not-a-virus:AdWare.DlMax.a". Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2D.tmp infected by "Trojan-Downloader.Win32.Stubby.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2F.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\3.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\30.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\32.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\4.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\5.tmp infected by "Trojan-Downloader.Win32.Small.xk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\6.tmp infected by "Trojan-Downloader.Win32.Small.xk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\62.tmp infected by "Trojan-Downloader.Win32.Small.xk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\63.tmp infected by "Trojan-Downloader.Win32.Small.xk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\7.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\71.tmp infected by "Trojan-Downloader.Win32.Small.aqt" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\8.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\80.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\9.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\A.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\A6.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\AF.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\B.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\B0.tmp infected by "Trojan-Downloader.Win32.Small.aqt" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\BF.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C0.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C1.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C2.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C3.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C4.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C6.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C7.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\C8.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\CA.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\CC.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\CD.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\CE.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\CF.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D0.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D1.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D2.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D3.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D4.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D5.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D6.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D7.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\D9.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\DB.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\E.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\EF.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F0.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F3.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F4.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F5.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F6.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F8.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\F9.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\FA.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\FB.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\FC.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\FD.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\FE.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\FF.tmp infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1659004503-688789844-839522115-1003\Dc333.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008385.dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008386.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008387.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008388.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008389.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008391.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008399.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008409.dll tagged as "not-a-virus:AdWare.AdMir.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008411.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008413.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008414.exe tagged as "not-a-virus:AdWare.180Solutions.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008419.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008423.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008514.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP90\A0008884.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP90\A0008885.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP91\A0008943.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP92\A0008985.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP92\A0009002.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP93\A0009015.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009442.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009444.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009447.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009449.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.af". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009451.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP99\A0009535.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002009.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002020.exe tagged as "not-a-virus:AdWare.Sahat.m". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002022.srg tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002023.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002034.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002035.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002036.exe tagged as "not-a-virus:AdWare.Wintol.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002038.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002039.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002042.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002043.dll tagged as "not-a-virus:AdWare.AdMir.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002044.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002046.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002049.exe infected by "Trojan-Downloader.Win32.Wintool.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002056.exe infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002057.vxd tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002058.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002059.srg tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002060.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002067.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002068.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002069.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002072.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002073.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002075.exe tagged as "not-a-virus:AdWare.Wintol.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002076.dll tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002080.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002099.exe infected by "Trojan-Downloader.Win32.Agent.ex" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002105.dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002107.dll tagged as "not-a-virus:AdWare.WebSearch.ae". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002108.exe tagged as "not-a-virus:AdWare.WebSearch.ae". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002109.dll tagged as "not-a-virus:AdWare.WebSearch.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002182.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003276.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003457.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003479.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\cssweb.dll tagged as "not-a-virus:AdWare.CSSWeb.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXMBOD2R\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken

Is it just me or does this look pretty bad?
  • 0

#12
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
It's not that bad. Most of the items are already quarantined or are backed up in System Restore which we will flush when done.

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Click Run Cleaner to run the program.
  • Caution : It is not recommended to use the 'Issues' tab as it is known to find legitimate items.
  • After it has completed it's process, click Exit.
Click on this link http://www.downloads...org/KillBox.zip to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry:

C:\WINDOWS\Downloaded Program Files\cssweb.dll


Check the option for "Delete on Reboot". Click the button with the red circle with a white X in it. Click 'yes'. When asked to reboot choose 'yes'.
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.


Delete all quarantined items from Trend Micro Antivirus.

Scan again with mwavscan and post the new results.
  • 0

#13
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
All done. Here are the new results:

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dlmax Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\cssweb.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\cssweb.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP1.DIR\LMPRINT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08A60ACF-5B9E-489A-BED5-8DDDAA7211D6}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B7E6AA9-C4FA-4951-815B-4AFE39D81453}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D20508E-59B9-4602-9CF9-49387E9D9BEB}" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{471A13E6-8188-47F9-B35E-277DE04FF2E2}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E022A40-7CC4-4EBA-A143-8D5C3B8838DB}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB1D8565-40E9-4616-984D-98465687E82C}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD2069F5-4ECD-48E0-A478-2D0E34D6DC32}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B69003B3-C55E-4b48-836C-BC5946FC3B28}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBBFCB14-3B21-491c-9E2A-B0F3D50F83FD}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C81B5180-AFD1-41a3-97E1-99E8D254DB98}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\cssweb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7F152AA-2FE1-4cfa-9838-6782BF85C929}" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D8CB10E7-601A-4176-B6B5-CEFA244D4DEA}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF66AFC9-C61D-404a-B535-64FBF91D420F}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3A3B1D9-5675-43c0-BF04-37BE11939FB7}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\A4MDXXR3\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\MCYLLC0H\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\O36M2975\X100172nl[1].exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\TCPE6GKU\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\TCPE6GKU\netherlands[2].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP100\A0009660.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008385.dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008386.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008387.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008388.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008389.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008391.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008399.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008409.dll tagged as "not-a-virus:AdWare.AdMir.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008411.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008413.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008414.exe tagged as "not-a-virus:AdWare.180Solutions.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008419.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008423.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP85\A0008514.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP90\A0008884.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP90\A0008885.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP91\A0008943.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP92\A0008985.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP92\A0009002.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP93\A0009015.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009442.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009444.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009447.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009449.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.af". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP98\A0009451.exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
File C:\System Volume Information\_restore{9BF3FDE1-1F07-4EB5-B7C0-AB2A0C73B08B}\RP99\A0009535.exe infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002009.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002020.exe tagged as "not-a-virus:AdWare.Sahat.m". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002022.srg tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002023.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002034.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002035.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002036.exe tagged as "not-a-virus:AdWare.Wintol.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002038.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002039.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002042.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002043.dll tagged as "not-a-virus:AdWare.AdMir.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002044.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002046.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002049.exe infected by "Trojan-Downloader.Win32.Wintool.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002056.exe infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002057.vxd tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002058.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002059.srg tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002060.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002067.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002068.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002069.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002072.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002073.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002075.exe tagged as "not-a-virus:AdWare.Wintol.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002076.dll tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002080.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002099.exe infected by "Trojan-Downloader.Win32.Agent.ex" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002105.dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002107.dll tagged as "not-a-virus:AdWare.WebSearch.ae". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002108.exe tagged as "not-a-virus:AdWare.WebSearch.ae". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002109.dll tagged as "not-a-virus:AdWare.WebSearch.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002182.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003276.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003457.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003479.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXMBOD2R\netherlands[1].exe tagged as not-a-virus:Dialer.Win32.Agent.e. No Action Taken.
  • 0

#14
alsocom

alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Just a few items that do not want to go away easily.

Start Pocket Killbox, select the Delete on Reboot option.
In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\A4MDXXR3\netherlands[1].exe
C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\MCYLLC0H\netherlands[1].exe
C:\Documents and Settings\Guup.JEROEN\Local Settings\Temporary Internet Files\Content.IE5\O36M2975\X100172nl[1].exe
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\TCPE6GKU\netherlands[1].exe
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\TCPE6GKU\netherlands[2].exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXMBOD2R\netherlands[1].exe


Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts.
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.


Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK twice, and then click Yes when you are prompted to restart the computer.
4. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore'


Scan again with mwavscan and post the new results.
  • 0

#15
death to z1.adserver

death to z1.adserver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The new results:

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dlmax Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\cssweb.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\cssweb.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP1.DIR\LMPRINT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08A60ACF-5B9E-489A-BED5-8DDDAA7211D6}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B7E6AA9-C4FA-4951-815B-4AFE39D81453}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D20508E-59B9-4602-9CF9-49387E9D9BEB}" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{471A13E6-8188-47F9-B35E-277DE04FF2E2}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E022A40-7CC4-4EBA-A143-8D5C3B8838DB}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB1D8565-40E9-4616-984D-98465687E82C}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD2069F5-4ECD-48E0-A478-2D0E34D6DC32}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B69003B3-C55E-4b48-836C-BC5946FC3B28}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBBFCB14-3B21-491c-9E2A-B0F3D50F83FD}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C81B5180-AFD1-41a3-97E1-99E8D254DB98}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\cssweb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7F152AA-2FE1-4cfa-9838-6782BF85C929}" refers to invalid object "C:\Program Files\Common Files\Oem Common\robj1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D8CB10E7-601A-4176-B6B5-CEFA244D4DEA}" refers to invalid object "C:\Program Files\Common Files\Oem Common\bayesobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF66AFC9-C61D-404a-B535-64FBF91D420F}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3A3B1D9-5675-43c0-BF04-37BE11939FB7}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}" refers to invalid object "C:\Program Files\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002009.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002020.exe tagged as "not-a-virus:AdWare.Sahat.m". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002022.srg tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002023.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002034.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002035.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002036.exe tagged as "not-a-virus:AdWare.Wintol.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002038.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002039.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002042.exe tagged as "not-a-virus:AdWare.ToolBar.SideFind.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002043.dll tagged as "not-a-virus:AdWare.AdMir.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002044.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002046.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002049.exe infected by "Trojan-Downloader.Win32.Wintool.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002056.exe infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002057.vxd tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002058.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002059.srg tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002060.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002067.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002068.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002069.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002072.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002073.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002075.exe tagged as "not-a-virus:AdWare.Wintol.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002076.dll tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002080.exe tagged as "not-a-virus:AdWare.BargianBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002099.exe infected by "Trojan-Downloader.Win32.Agent.ex" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002105.dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002107.dll tagged as "not-a-virus:AdWare.WebSearch.ae". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002108.exe tagged as "not-a-virus:AdWare.WebSearch.ae". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002109.dll tagged as "not-a-virus:AdWare.WebSearch.aa". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0002182.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003276.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003457.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{C8EE718B-B9DB-424F-A761-CDC867BC6C69}\RP12\A0003479.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

It still scanned system restore directories. Does that mean the restore points didn't get deleted? I hope I didn't do it wrong or something.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP