Surf Sidekick 3 And I Think Other Stuff


  • This topic is locked
49 replies to this topic

#1 ayo_sato

Posted 23 March 2006 - 02:53 PM

I have deleted it using the tutorial in the other forum and it keeps coming back. Also, when I delete it my computer still runs slow. I cannot use my Internet Explorer, I have to use Opera or Firefox. For the last week, I have used Adaware and Spybot every day and every day it finds 100 plus things to delete. I don't know much about computers. Any help would be appreciated. Here is my Hijack log.



Logfile of HijackThis v1.99.1
Scan saved at 11:51:32 AM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\mousepad5.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\zxvjclpA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\eee2.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\2320202A272328.exe
C:\WINDOWS\sys09158040590.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WNSXS~1\mshta.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\10b2.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\=NOI.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\limewire\limewire.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [zxvjclpA] C:\WINDOWS\zxvjclpA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [54f6] C:\windows\eee2.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [A19E9EA8A5A1A6A3] 2320202A272328.exe
O4 - HKLM\..\Run: [sys09158040590] C:\WINDOWS\sys09158040590.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [Scbu] "C:\PROGRA~1\WNSXS~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Gybcyca] C:\Program Files\Common Files\s?mbols\m?config.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: repairs303169560.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mgc40u.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by ayo_sato, 23 March 2006 - 05:32 PM.


#2 ayo_sato

Posted 23 March 2006 - 05:34 PM

Edit: sorry, didn't see the bump rule

Edited by ayo_sato, 23 March 2006 - 06:22 PM.


#3 amateur

  • Malware Response Team
Posted 23 March 2006 - 08:19 PM

Hi Ayo_Sato,

I am sorry I have bad news for you. This is a computer riddled with infection. There are several things going on but the most important one is Rbot. You have W32/Rbot-CKM, which runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, evidenced by this line in your HijackThis log:

O4 - HKLM\..\Run: [csr] csrrs.exe

You also have an adult-content dialler, in addition to SurfSideKick, Alcra, Webhancer and some other adware and trojans. In all honesty, if this were my computer I would reformat and start afresh.

This is our standard warning in such cases:

You are strongly advised to do the following immediately:

1. Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

And do whatever else seems appropriate.


Here is some more to read:

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063
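
An added triage sketch (not part of the original post and not the helper's own method) for the kind of entry amateur singles out above: it parses HijackThis O4 autostart lines and flags image names one character away from a core Windows process name, such as csrrs.exe versus csrss.exe, or that reuse such a name outside the Windows directories. The process-name list, the one-edit threshold and the function names are assumptions of this example; the sample lines are copied from the first log on this page.

```python
import ntpath
import re

# Core Windows image names that are worth imitating (assumed list for this example).
SYSTEM_NAMES = {
    "csrss.exe", "svchost.exe", "smss.exe", "lsass.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "mshta.exe", "rundll32.exe",
    "ctfmon.exe", "userinit.exe", "spoolsv.exe",
}
# Directories where those images normally live on the Windows XP system in the log.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.*)$")
VALUE_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat))(?:\s|$)", re.IGNORECASE)

# Lines copied from the first HijackThis log on this page.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Scbu] "C:\PROGRA~1\WNSXS~1\mshta.exe" -vt yazr
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: svchost.exe
"""


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(command):
    """Return the executable part of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = IMAGE_RE.match(command)  # unquoted paths may contain spaces
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def review(log_text):
    """Return (kind, image name, detail) tuples for suspicious O4 entries."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autostart (O4) line
        loc, rest = m.group("loc"), m.group("rest")
        in_startup_folder = False
        if loc.endswith("Startup"):
            if " = " in rest:          # shortcut: "Name.lnk = target"
                command = rest.split(" = ", 1)[1]
            else:                       # a file sitting in the Startup folder itself
                command, in_startup_folder = rest, True
        else:                           # registry value: "[name] command line"
            vm = VALUE_RE.match(rest)
            command = vm.group("cmd") if vm else rest
        path = image_path(command)
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path)
        if name in SYSTEM_NAMES:
            # A real system image name is only expected in the Windows directories.
            if in_startup_folder:
                findings.append(("misplaced", name, loc))
            elif folder and folder.lower() not in SYSTEM_DIRS:
                findings.append(("misplaced", name, folder))
        else:
            # One edit away from a system name reads the same at a glance.
            twin = next((s for s in sorted(SYSTEM_NAMES)
                         if edit_distance(name, s) == 1), None)
            if twin:
                findings.append(("lookalike", name, twin))
    return findings


if __name__ == "__main__":
    for kind, name, detail in review(SAMPLE_LOG):
        print(f"{kind:10} {name:14} {detail}")
```

A hit is a prompt to inspect the file, not a verdict; bare system names resolved through the search path (the RUNDLL32.EXE entry) are deliberately left unflagged.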

#4 ayo_sato

Posted 23 March 2006 - 08:32 PM

I really, really don't want to reformat my computer, is that my only option?

#5 ayo_sato

Posted 23 March 2006 - 08:35 PM

Also, I used Ewido and it dropped my memory usage from the high 70s back to around the 30s-40s where it usually is. Don't know what that means, just thought you should know.

Latest

Logfile of HijackThis v1.99.1
Scan saved at 11:51:48 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\mousepad5.exe
C:\WINDOWS\zxvjclpA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\sys09158040590.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\PROGRA~1\WNSXS~1\mshta.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [zxvjclpA] C:\WINDOWS\zxvjclpA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [sys09158040590] C:\WINDOWS\sys09158040590.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [Scbu] "C:\PROGRA~1\WNSXS~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Gybcyca] C:\Program Files\Common Files\s?mbols\m?config.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: __delete_on_reboot__svchost.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mgc40u.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by ayo_sato, 24 March 2006 - 02:53 AM.


#6 amateur

Posted 24 March 2006 - 07:49 AM

Hi Ayo_Sato,

"I really, really don't want to reformat my computer, is that my only option?"


Your only option is not formatting and reinstalling. We can clean the computer to the best we can, but you have to keep in mind that we can never guarantee that the computer will be safe once you had a keylogger in there with backdoor capabilities, which you had. As long as you know that and are willing to take the risk, we can go ahead and clean it.

I see that you've been working hard and were able to get rid of some of the malware. Let's continue if you want to clean it.

Please go to Start>Control Panel>Add/Remove Programs and remove the following programs, if there:


Media Gateway


==================

Download ATF Cleaner by Atribune and save it to your Desktop.

=================

I see that you've downloaded Ewido and Spysweeper. Please update them to be used later.

=================

Adaware and Spybot are excellent programs, but running them at the startup will slow down your computer. Along with Spysweeper, that may be the reason for your memory usage. Please open them and reconfigure them not to do that.

===================

  • Download Brute Force Uninstaller.
  • Unzip it to a folder of its own (c:\BFU).
  • Read here how to unzip/extract properly:
    http://metallica.geekstogo.com/xpcompressedexplanation.html
  • RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
    Save it in the folder you made earlier (c:\BFU).
  • Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the scriptline to execute field copy and paste c:\bfu\p2pnetwork.bfu
  • Press execute and let it do its job.
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

===============================
  • Close all open Explorer windows and browsers
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When complete and all files removed, close the application.

R3 - Default URLSearchHook is missing
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [zxvjclpA] C:\WINDOWS\zxvjclpA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [sys09158040590] C:\WINDOWS\sys09158040590.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [Scbu] "C:\PROGRA~1\WNSXS~1\mshta.exe" -vt yazr
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mgc40u.dll (file missing)


===============================

Make sure that you can see hidden files
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View Tab
  • Under the Hidden files and folders heading select Show hidden files and folders
  • Uncheck the Hide protected operating system files (recommended) option
  • Click Yes to confirm
  • Click OK

==========================

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Look in here for more information.

==========================

Delete the following files and folders, using Windows Explorer, if found:

C:\WINDOWS\sys09158040590.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\zxvjclpA.exe
C:\windows\keyboard5.exe
C:\windows\mousepad5.exe
C:\windows\newname5.exe

C:\Program Files\MediaGateway
C:\Program Files\winupdates
C:\PROGRAM FILES\WNSXS~1 <== it should be a folder starting with these letters

=======================

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Opera :
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu

===========================

Still in Safe Mode,

Run Ewido.
Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close Ewido-Anti-Malware.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

==========================

Reboot your computer in Normal Mode.


==============================

Run Webroot's SpySweeper

=========================

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
==========================

Post back the logs from:

SpySweeper,
Ewido
Kaspersky
and a new HijackThis log, please.

Edited by amateur, 24 March 2006 - 07:54 AM.


#7 ayo_sato

Posted 25 March 2006 - 07:34 AM

Amateur,

Sorry it took so long to reply, I tried to follow your instructions exactly but had some problems. I was unable to dl "Alcra Remover"; when I right clicked and saved, it was just a web page to some forum. I then searched the forum for "Alcra Remover" and found it but when I tried to dl it, it said it wasn't allowed because of some security thing. Maybe you know what that is? Also, I ran Webroot Spysweeper but could not find where to save the log. Would like to thank you in advance for all your help. Here are the Ewido, Kaspersky and a new HijackThis logs.

Ewido

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:24:24 PM, 3/24/2006
+ Report-Checksum: 3B5BA161

+ Scan result:

:mozilla.6:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.7:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.8:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.9:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.10:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.11:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.12:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.13:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.14:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.15:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.18:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning
:mozilla.19:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning
:mozilla.20:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning
:mozilla.22:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.27:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.37:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.38:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.39:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.40:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.41:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.42:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.44:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.45:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.64:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.103:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Overture : Error during cleaning
:mozilla.108:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.121:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.122:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.123:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.124:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.130:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.131:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.132:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.133:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.134:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.135:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.136:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.137:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.138:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.139:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.140:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.141:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.142:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.143:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.144:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.156:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.157:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.158:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.159:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.160:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.161:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.162:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.163:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.164:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.165:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.166:C:\Program Files\support.com\backup\co\cookies.txt\18137_50d58c639_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.42:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.43:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.44:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning
:mozilla.45:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning
:mozilla.47:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning
:mozilla.49:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.50:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.51:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.52:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.53:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.60:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.61:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.62:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.63:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.64:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.65:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.66:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.67:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.68:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.69:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.70:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.71:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.72:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.73:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.75:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.76:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.77:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.78:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.106:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.118:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.119:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.120:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.126:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.127:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.128:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.131:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.132:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.133:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.134:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.135:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.136:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.137:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.138:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.139:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.140:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.141:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.144:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tradedoubler : Error during cleaning
:mozilla.154:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.163:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.164:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.165:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.166:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.167:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.168:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.169:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.170:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.171:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.172:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.173:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.174:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.175:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.176:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.179:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.180:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.181:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.182:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.191:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.192:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.197:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.198:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.199:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.200:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.218:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.221:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.229:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.230:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.231:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.232:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.237:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.238:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.239:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.240:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.241:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.244:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.254:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.255:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning
:mozilla.272:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning
:mozilla.273:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning
:mozilla.274:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning
:mozilla.275:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning
:mozilla.276:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.277:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.278:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.279:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.284:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.297:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.298:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.299:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.300:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.308:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning
:mozilla.314:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adtech : Error during cleaning
:mozilla.315:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adtech : Error during cleaning
:mozilla.323:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Revenue : Error during cleaning
:mozilla.324:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning
:mozilla.327:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.328:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.329:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.330:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.331:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.332:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.334:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Targetnet : Error during cleaning
:mozilla.335:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Targetnet : Error during cleaning
:mozilla.337:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.338:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.339:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.340:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.341:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.342:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.343:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.344:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.345:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.346:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Paycounter : Error during cleaning
:mozilla.347:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.353:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.355:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.356:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.373:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexlist : Error during cleaning
:mozilla.374:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Sexlist : Error during cleaning
:mozilla.377:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Masterstats : Error during cleaning
:mozilla.380:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.389:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.390:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.391:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.392:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.398:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.410:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.425:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.426:C:\Program Files\support.com\backup\co\cookies.txt\46890_5bfed4e67_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning
:mozilla.38:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.39:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.42:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.43:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.44:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.45:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.46:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.49:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.50:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.51:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.53:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.54:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.55:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.59:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.60:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.61:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.62:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.63:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.64:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.65:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.66:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.67:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.68:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.69:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.70:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.71:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.72:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.73:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.85:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.86:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.87:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.88:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.90:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.91:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.92:C:\Program Files\support.com\backup\co\cookies.txt\9726_535256a46_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning


::Report End

Kaspersky

KASPERSKY ON-LINE SCANNER REPORT
Saturday, March 25, 2006 12:12:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/03/2006
Kaspersky Anti-Virus database records: 183913


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 89089
Number of viruses found 25
Number of infected objects 645
Number of suspicious objects 0
Duration of the scan process 01:13:34

Infected Object Name Virus Name Last Action
C:\Program Files\Common Files\Yazzle1119OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0004193.exe/data0012/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0004193.exe/data0012 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0004193.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010196.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010196.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010196.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010217.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010217.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010222.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010287.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010287.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010287.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010317.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010317.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010318.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010440.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010440.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010440.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010457.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010457.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010458.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011443.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011443.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011443.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011518.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011518.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011518.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011532.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011532.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011565.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011565.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011565.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011579.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011579.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011583.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011621.exe Infected: Trojan-Downloader.Win32.Adload.af skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011673.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011673.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011746.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011746.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011746.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011752.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011768.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011768.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011789.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011789.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011789.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011819.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011819.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011820.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011871.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011871.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011871.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011877.exe Infected: Trojan-Downloader.Win32.VB.zg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011885.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011885.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011886.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011954.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011954.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011954.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011966.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011966.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011967.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011995.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011995.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011995.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012008.exe Infected: Trojan-Downloader.Win32.VB.zg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012018.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012018.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012019.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012038.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012038.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012038.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012049.exe Infected: Trojan-Downloader.Win32.VB.zg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012060.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012060.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012064.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012087.exe Infected: Trojan-Downloader.Win32.Adload.af skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013038.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013038.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013038.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013047.exe Infected: Trojan-Downloader.Win32.VB.zg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013057.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013057.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0013060.exe Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014038.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014038.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014038.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014092.exe Infected: Trojan-Downloader.Win32.Adload.af skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014093.exe Infected: Trojan-Downloader.Win32.VB.zg skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014103.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.k skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014104.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014105.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014106.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014107.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014108.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014109.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014110.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014111.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014112.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014113.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014114.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014115.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014116.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014117.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014118.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014119.exe Infected: Trojan-Dropper.Win32.VB.lu skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014120.exe Infec

Edited by ayo_sato, 25 March 2006 - 07:36 AM.


#8 amateur

    Malware Fighter


  • Malware Response Team
Posted 25 March 2006 - 08:52 AM

Hi Ayo_Sato,

Alcra Remover" and found it but when I tried to dl it, it said it wasn't allowed because of some security thing.

Your security settings may have prevented it. Let me see the HijackThis log first and if needed, we'll run it again. Please do the following:

Go to Add/Remove Programs and remove the following program, if there:

C:\Program Files\support.com\

======================

Boot into Safe mode following my earlier instructions.

======================

Then, using Windows Explorer, navigate to and delete the following folders and files, if there (make sure that you can see hidden files, as instructed earlier):

C:\Program Files\support.com

C:\Program Files\Common Files\Yazzle1119OinAdmin.exe


=======================

Reboot in Normal Mode

=======================

Update Spysweeper (it was updated again yesterday) and run it again; save the log to a location you can find.

Post a new HijackThis log and the Spysweeper log, please.

#9 ayo_sato

  • Topic Starter

Posted 25 March 2006 - 07:15 PM

Amateur,

Again, I can find where it allows you to save a log on Spysweeper. Sorry. Here is the latest HijackThis log. Edit* Just realized that in my last post I didn't post the HijackThis log, sorry about that.

Logfile of HijackThis v1.99.1
Scan saved at 4:14:07 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\sys01580405901.exe
C:\WINDOWS\errorhandler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [sys01580405901] C:\WINDOWS\sys01580405901.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gybcyca] C:\Program Files\Common Files\s?mbols\m?config.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by ayo_sato, 25 March 2006 - 07:18 PM.


#10 amateur


Posted 25 March 2006 - 09:30 PM

Hi Ayo_Sato,

The spysweeper log should be in the Spysweeper folder in the Program Files directory. If you can find it, post it. If not, don't worry.

We'll need to disable spysweeper so that it will not interfere with the HJT fix.

1. Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup".
2. On the left click "shields" and then uncheck everything there.
3. Uncheck "home page shield".
4. Uncheck "automatically restore default without notification".
5. Exit the program.

You can re-enable these when we are finished here.

=======================

Download and unzip BFUzip from HERE.

Run the program and click the Web button as shown here:

Posted Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


======================

Now, run HijackThis. Close all windows and browsers except HijackThis.

Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it:

C:\WINDOWS\sys01580405901.exe

Do the same for this one:

C:\WINDOWS\errorhandler.exe

Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

R3 - Default URLSearchHook is missing

O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)

O4 - HKLM\..\Run: [sys01580405901] C:\WINDOWS\sys01580405901.exe

O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe


======================

Please download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6.)

If it's NOT the version 1.0.6, can you then uninstall your current version/delete folder: C:\Program Files\Lavasoft & empty recycle bin. Finally install the latest version.

Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

If you are having problems with the updating, get the manual updates here: http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download Lavasoft's VX2 Cleaner plug-in HERE
  • Install the VX2 Cleaner
  • Start Ad-Aware SE
  • Go to "Plug-ins"
  • Select the VX2 Cleaner plug-in and click "Run Tool" (Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.)
  • Click "OK" when asked if you want to execute this tool.
  • If your computer isn't infected, click "Close".
If your computer is infected;
  • Select "Clean"
  • Reboot your system.
  • Scan your computer with Ad-Aware:

    Set up the Configurations as follows:
    • Click the Gear wheel at the top of the Ad-Aware window
    • Click General > Safety & Settings: Check (Green) all three.
    • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
    Click on "Proceed"
    Click on "Scan Now"
    Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
    Select "Search for low-risk threats"
    Run the scanner using the Full Scan (Perform full system scan) mode.
    When the scan has completed, select Next.
    In the Scanning Results window, select the "Scan Summary" tab.
    Check the box next to every "target family" for removal.
    Click "Next", Click "OK".
  • Reboot your computer again
  • Run a second scan (With Ad-aware & VX2 Cleaner) to make sure the files have been removed from your computer
Post a fresh HiJackThis log once done. :thumbsup:

#11 ayo_sato


Posted 26 March 2006 - 04:18 PM

Amateur,

Was able to do everything you told me to do. Here is the latest log.

Logfile of HijackThis v1.99.1
Scan saved at 1:17:23 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gybcyca] C:\Program Files\Common Files\s?mbols\m?config.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12 amateur


Posted 26 March 2006 - 04:30 PM

Hi Ayo_Sato,

It's looking much better. Almost there, but not quite yet.

If you re-enabled Spysweeper, please disable it like you did before. Since Spysweeper is a trial version, you may even like to remove it from Add/Remove Programs in Control Panel, unless you want to pay for it and keep it.

============================

Press Ctrl-Alt-Del once to bring up the End Task dialogue. Highlight "WINSERVS" and select End Task. (It may take a few moments for a "not responding" warning to appear. Press End Task again.) Do the same for any occurrence of "WINSERVN", if it exists.

Clickspring provides the following uninstaller to remove PurityScan: http://www.purityscan.com/ps_uninstaller.exe
or
http://www.purityscan.com/uninstall.html

Run the Uninstaller per instructions. Answer any questions carefully.

============================

Scan with HijackThis and put a checkmark against the following entry, if still there:

O4 - HKCU\..\Run: [Gybcyca] C:\Program Files\Common Files\s?mbols\m?config.exe

Close all browsers and windows except HijackThis and click on Fix checked.

============================

Using Windows Explorer, navigate to and delete the following folders, if found:

C:\Program Files\Common Files\s?mbols
C:\Program Files\Webroot <==== if you uninstalled it.

============================

Run ATF Cleaner

============================

Run Ewido again. Save the report.

============================

Run Kaspersky and save the report.

============================

Post back the Ewido log, Kaspersky scan results and a new HijackThis log please. Let me know how the computer is running now.

Edited by amateur, 26 March 2006 - 09:20 PM.
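
A check for the kind of entry singled out in the post above, as an added example that is not part of the original posts: it pulls the file path out of HijackThis and scanner lines and flags folder or file names that contain `?` (never valid in a Windows file name, so the log wrote it in place of a character it could not represent) or letters from more than one script. The sample lines are copied from this thread; the function names, and the reading of the `WіnSxS` path from the later Kaspersky report as containing Cyrillic U+0456, are assumptions.

```python
import re
import unicodedata

# Lines copied from the logs in this thread: four HijackThis O4 entries and one
# path from the Kaspersky report. The Cyrillic letter is written as an escape
# (an assumption about the original path) so that it is visible in the source.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe',
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [Gybcyca] C:\Program Files\Common Files\s?mbols\m?config.exe',
    'C:\\Program Files\\W\u0456nSxS\\mshta.exe',
]

# A drive-letter path up to the first executable-looking extension. Entries
# that name a bare file (no drive letter) are skipped, not guessed at.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat)\b', re.IGNORECASE)


def extract_path(line):
    """Return the first full file path found in a log line, or None."""
    match = PATH_RE.search(line)
    return match.group(0) if match else None


def script_of(ch):
    """Return the script word of a letter's Unicode name (LATIN, CYRILLIC, ...)."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, '')
    return name.split(' ', 1)[0] if name else 'UNKNOWN'


def inspect_path(path):
    """List the reasons a path deserves a closer look, one string per reason."""
    reasons = []
    for component in path.split('\\')[1:]:  # skip the drive letter
        if '?' in component:
            # '?' is reserved on Windows, so the real name holds some other
            # character that the ANSI log could not write out.
            reasons.append(f"'{component}': contains '?', real name differs from the log")
        for ch in sorted({c for c in component if ord(c) > 127}):
            reasons.append(
                f"'{component}': U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}")
        scripts = {s for s in map(script_of, component) if s}
        if len(scripts) > 1:
            reasons.append(f"'{component}': mixes scripts {sorted(scripts)}")
    return reasons


def review(lines):
    """Return (path, reasons) for every line whose path has at least one reason."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        reasons = inspect_path(path)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == '__main__':
    for path, reasons in review(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print('    ' + reason)
```

A flagged path is a prompt to look at the folder in Explorer or with `dir /x`, not a verdict: software legitimately installed under a non-Latin name will also be listed.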


#13 ayo_sato


Posted 28 March 2006 - 01:42 AM

Amateur,

Computer is running a lot better now, but still a little slower than before. Here are the logs you asked for.

Ewido

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:17:00 PM, 3/27/2006
+ Report-Checksum: 9829D3E6

+ Scan result:

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\UE.exe -> Adware.MediaTickets : Cleaned with backup


::Report End

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, March 27, 2006 10:35:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/03/2006
Kaspersky Anti-Virus database records: 184451
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 88435
Number of viruses found: 27
Number of infected objects: 648
Number of suspicious objects: 0
Duration of the scan process: 01:07:30

Infected Object Name / Virus Name / Last Action
C:\Program Files\Common Files\Yazzle1119OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\WіnSxS\mshta.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0004193.exe/data0012/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0004193.exe/data0012 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0004193.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010196.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010196.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010196.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010217.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010217.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010222.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010287.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010287.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010287.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010317.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010317.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010318.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010440.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010440.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010440.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010457.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010457.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0010458.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011443.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011443.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011443.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011518.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011518.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011518.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011532.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011532.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011565.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011565.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011565.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011579.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011579.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011583.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011621.exe Infected: Trojan-Downloader.Win32.Adload.af skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011673.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011673.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011675.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011746.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011746.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011746.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011752.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011768.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011768.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011789.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011789.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011789.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011819.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011819.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011820.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011871.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011871.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011871.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011877.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011885.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011885.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011886.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011954.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011954.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011954.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011966.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011966.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011967.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011995.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011995.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0011995.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012008.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012018.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012018.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012019.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012038.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012038.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012038.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012049.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012060.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012060.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0012064.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014351.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014352.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014353.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014354.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014355.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014356.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014357.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014358.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014359.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014360.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014361.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014362.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014363.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014364.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014365.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014366.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014367.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014368.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014369.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014370.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014371.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014372.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014373.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014374.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014375.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014376.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014377.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014378.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014379.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014380.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014381.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014382.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014383.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014384.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014385.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014386.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014387.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014388.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014389.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014390.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014391.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014392.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014393.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014394.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP35\A0014395.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_res

#14 amateur


    Malware Fighter


  • Malware Response Team
  • 2,775 posts

Posted 28 March 2006 - 06:11 AM

Can you give me a new HijackThis log, please?

#15 ayo_sato

  • Topic Starter

  • Members
  • 28 posts

Posted 28 March 2006 - 06:46 AM

Weird. I swore I put it in, second time that happened. Is there a post limit or something? Sorry about that again. Here it is-

Logfile of HijackThis v1.99.1
Scan saved at 3:43:24 AM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.4\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138751145\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



