Firefox Opens Ads By Itself.(ad-a-w-a-r-e.com And Others)



#1 metalgeek

Posted 26 April 2006 - 01:53 AM

Hello. My Firefox keeps opening tabs on its own (even while closed) that open ads. I also keep getting ads on my desktop like this:

Posted Image

The "tab ads" resize the window when I attempt to close them. Spybot and Ad-aware don't get rid of them, and AVG didn't do anything. I even tried a system restore.

I'm not very computer savvy, and I'm at my wits' end with this. ANY help is appreciated.

My HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:50:25 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AIM\aim.exe
C:\Documents and Settings\Dane\My Documents\?asks\?srss.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win2F.tmp.exe
C:\Documents and Settings\Dane\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,skoatsv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Qbnxti] C:\Documents and Settings\Dane\My Documents\?asks\?srss.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {36CC2E89-2662-23BD-307A-2E877D7DB2B2} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://grcam.eclipsed.net/activex/AMC.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://208.186.253.87/activex/AxisCamControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\jt2407fqe.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\q4psle771h.dll
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll


#2 -David-

Posted 26 April 2006 - 11:13 AM

Hello there,

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :thumbsup:

* You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Zonealarm, Agnitum Outpost Free OR Kerio are FREE firewalls.
Understanding and using firewalls

* Download KillBox from here
Unzip the folder to your desktop.
Don't run it yet.

* I see you have Viewpoint installed.
Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
* Your Java is out of date and the older versions are being exploited by malware. It is the likely cause of your infection, so we need to get it patched up as soon as possible.
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp
* Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.
To Get rid of NewDotNet, go to:
Start > Control Panel > Add or Remove Programs and remove the following:
New.Net Applications or New.Net Domains (anything that says New.Net)
If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

* Open notepad and copy and paste next in it:

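@echo off
rem List My Documents with 8.3 short names (/x) so oddly named folders show up
cd\
cd "C:\Documents and Settings\Dane\My Documents"
dir /x > C:\directory.txt
rem Append a plain listing of C:\WINDOWS to the same report
cd C:\WINDOWS
dir >> C:\directory.txt
rem Open the report in the default text viewer
start C:\directory.txt
exit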

Save this as look.bat
Choose to save as all files.
This is how the batch must look afterwards: Posted Image
Double-click look.bat and copy the contents of the text file that opens back here.

* Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Start Killbox.exe
* Select the Delete on Reboot option.
* Click on the All Files button.
* Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\ioivi.exe
C:\WINDOWS\system32\skoatsv.exe
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\SYSTEM32\winbue32.dll
C:\WINDOWS\system32\q4psle771h.dll


* Go to the File menu of Killbox, and choose Paste from Clipboard.
NOTE: You must use the File menu; pasting by right-clicking the mouse will only enter one file.
* Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this).

When you reboot, please Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,skoatsv.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Qbnxti] C:\Documents and Settings\Dane\My Documents\?asks\?srss.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {36CC2E89-2662-23BD-307A-2E877D7DB2B2} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://grcam.eclipsed.net/activex/AMC.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://208.186.253.87/activex/AxisCamControl.cab
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\jt2407fqe.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\q4psle771h.dll
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Open Ewido anti-malware
Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

* Please reboot back to normal mode and please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.

* Download FindQool.zip and save it to your C:\.

Extract (unzip) the files inside into their own folder called FindQool.
Read here how to unzip/extract properly:
Xp Compressed Explanation

This folder should be present on your C:\
In case it's not present there, move the FindQool folder to C:\ otherwise it won't work.
Then open the FindQool folder.
Locate and double-click the Qlocate.bat file to run it.

This will scan your system.
Wait until a text opens.

Please post back with:
1) New HJT log
2) Look.bat contents
3) Ewido log
4) Look2me-Destroyer Log
5) FindQool log.

David
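
The kind of triage applied to the HijackThis log in this reply can be written down as a few checks on the log's line types. This is an added example, not part of the original thread and not a HijackThis or BleepingComputer tool; the heuristics, the function names and the shortened sample (lines copied from the first log above) are assumptions for illustration.

```python
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the first log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dane\My Documents\?asks\?srss.exe
C:\WINDOWS\TEMP\win2F.tmp.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,skoatsv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Qbnxti] C:\Documents and Settings\Dane\My Documents\?asks\?srss.exe
O16 - DPF: {36CC2E89-2662-23BD-307A-2E877D7DB2B2} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\jt2407fqe.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")    # e.g. "O4 - ..."
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")               # running-process lines
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Expected single program for the Winlogon Shell and Userinit values.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse(log_text):
    """Yield (code, body); running-process paths get the pseudo-code 'PROC'."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2)
        elif DRIVE_RE.match(line):
            yield "PROC", line


def path_reasons(command):
    """Heuristics (assumed) for a process path or a Run-key command line."""
    reasons = []
    # '?' is not a legal Windows file-name character, so in a path it marks
    # a character the log could not display (a disguised folder or file name).
    if "?" in command:
        reasons.append("path contains '?' (undisplayable character in name)")
    if "\\temp\\" in command.lower():
        reasons.append("executable runs from a TEMP directory")
    return reasons


def f2_reasons(body):
    """Flag anything chained after the default Shell / UserInit program."""
    m = re.search(r"(Shell|UserInit)=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    expected = WINLOGON_DEFAULTS[m.group(1).lower()]
    values = [v.strip() for v in m.group(2).split(",") if v.strip()]
    extras = [v for v in values if ntpath.basename(v).lower() != expected]
    return [f"extra program chained onto {m.group(1)}: {v}" for v in extras]


def o16_reasons(body):
    """Flag ActiveX download sources that are bare IPs or raw executables."""
    url = urlparse(body.rsplit(" - ", 1)[-1])
    reasons = []
    if IPV4_RE.match(url.hostname or ""):
        reasons.append("ActiveX package fetched from a bare IP address")
    if url.path.lower().endswith(".exe"):
        reasons.append("package is a raw .exe instead of a .cab")
    return reasons


def triage(log_text):
    """Return [(code, body, reasons)] for every line that trips a heuristic."""
    flagged = []
    for code, body in parse(log_text):
        if code == "PROC":
            reasons = path_reasons(body)
        elif code == "O4":
            reasons = path_reasons(body.split("] ", 1)[-1])
        elif code == "F2":
            reasons = f2_reasons(body)
        elif code == "O16":
            reasons = o16_reasons(body)
        elif code == "O20" and "(file missing)" in body:
            reasons = ["Winlogon Notify DLL is registered but missing on disk"]
        else:
            reasons = []
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}")
        for reason in reasons:
            print("    -", reason)
```

Entries these checks do not flag are not thereby clean: the randomly named Notify DLLs in the log above, for example, pass every heuristic here and were identified by the helper by other means.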

#3 metalgeek

Posted 28 April 2006 - 04:25 AM

Thanks for responding! :thumbsup:

Here are the logs...





HIJACK THIS:

Logfile of HijackThis v1.99.1
Scan saved at 2:21:26 AM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dane\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,skoatsv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe



LOOK.BAT:

Volume in drive C has no label.
Volume Serial Number is C840-0034

Directory of C:\Documents and Settings\Dane\My Documents

04/25/2006 04:56 PM <DIR> .
04/25/2006 04:56 PM <DIR> ..
04/22/2006 12:42 AM 218 1SONGS~1.RTF 1songstodownload.rtf
02/10/2006 02:49 AM 10,725 2006MO~1.RTF 2006 Movies.rtf
10/26/2005 05:20 PM 2,108 50ISAB~1.RTF 50 is a butt..rtf
11/15/2005 05:54 AM 3,526 AMETAL~1.PXJ a metal cd.pxj
08/15/2005 04:26 PM 6,641 ACTUAL~1.RTF ACTUALquizzes.rtf
04/15/2005 07:33 PM 17,388,114 ALINTE~1.WMV AlInterviewsEminem.wmv
01/09/2005 11:33 PM 4,073 ANOTER~1.PXJ anoternewone.pxj
03/11/2005 04:28 AM 3,810 anotha1.pxj
05/03/2005 11:35 PM 4,265 ANOTHE~1.PXJ anothercdagain.pxj
03/28/2006 03:42 AM 4,070 ANOTHE~2.PXJ Anotheroneagain.pxj
09/09/2005 01:11 AM 3,600 ARCHEN~1.PXJ arch enemy live.pxj
10/17/2005 02:32 PM 1,307 ARTEKD~1.RTF ARTEK deck.rtf
01/12/2006 05:15 AM 2,142 ASIANM~1.RTF Asian movies.rtf
09/13/2004 09:25 PM 3,051 AUDIO_~1.PXJ Audio_040913_2125.pxj
09/14/2004 06:35 PM 3,400 AUDIO_~2.PXJ Audio_040914_1615.pxj
06/05/2005 01:59 AM 3,963 AUDIO_~3.PXJ Audio_050605_0159.pxj
04/21/2006 04:06 AM 934 babelist.rtf
04/23/2006 03:54 PM 1,032 BANDST~1.RTF bands to check out..rtf
02/02/2005 12:11 AM 8,993 biggie.rtf
01/14/2005 02:28 AM 2,918 BODOMS~1.PXJ bodomsample.pxj
04/16/2005 11:33 PM 2,995 BRANDO~1.PXJ brandons birthday.pxj
10/04/2005 08:08 PM 204 BRIANP~1.RTF brian peppers.rtf
08/20/2005 06:55 PM 506 BRUCEL~1.RTF bruceleeqoute.rtf
02/23/2005 01:53 PM 807,721 cardinfo.dat
06/16/2005 01:09 AM 1,419 CHANGI~1.RTF changing text.rtf
12/10/2005 10:31 PM 1,063 CHRIST~2.RTF Christmas '05.rtf
12/14/2004 03:06 PM 541 CHRIST~1.RTF christmaslist.rtf
10/13/2005 03:30 AM 4,500 CKYANA~1.PXJ cky an answer....pxj
02/28/2006 05:09 AM 4,385 CONTAC~1.RTF contacttables.rtf
02/05/2006 10:09 PM 8,894 COOLBO~1.RTF Cool Body Tricks.rtf
09/15/2004 06:44 PM <DIR> CORELU~1 Corel User Files
06/30/2005 06:37 PM 333 CORNYJ~1.RTF cornyjokethatwillslayall.rtf
09/14/2004 09:36 PM 2,470 dad.pxj
09/14/2004 11:37 PM 2,286 dad2.pxj
09/14/2004 11:39 PM 1,292 dad3.pxj
09/15/2004 05:38 PM 1,974 dad4.pxj
11/10/2004 03:34 PM 124 DATAIN~1.TXT Data Install.txt
10/03/2005 03:09 PM 4,934 DEBSAY~1.RTF DebsayingthatIrule..rtf
09/15/2004 09:32 PM 660 disc1.rtf
09/15/2004 09:43 PM 871 disc2.rtf
09/15/2004 09:53 PM 829 disc3.rtf
09/15/2004 09:59 PM 854 disc4.rtf
09/15/2004 10:20 PM 1,048 disc5.rtf
10/16/2001 12:37 PM 5 DISK1.ID
02/23/2005 01:54 PM 456 Distro.dat
03/31/2006 06:47 PM 192 DIVADO~1.RTF Diva dogs.rtf
03/02/2006 06:13 PM 4,184 DREAMB~1.RTF dream blog.rtf
06/19/2005 01:09 AM 30,323 DSC01396.jpg
06/21/2005 12:14 AM 197,763 DSC013~1.JPG DSC01396b.jpg
05/11/2005 01:37 AM 3,249 dumbgame.rtf
12/30/2004 04:22 PM 371 elves.rtf
06/17/2005 02:15 AM 7,856 EMORAN~1.RTF emo rant.rtf
05/31/2005 11:08 PM 485 EMODIE.rtf
02/23/2005 01:55 PM 412 Expan.dat
09/30/2005 08:12 PM <DIR> filelib
02/23/2005 01:55 PM 133 Format.dat
08/10/2005 11:23 PM 31,434 FRUITW~1.JPG fruitwrinkle.jpg
03/25/2005 12:49 AM 577 FUTREH~1.PXJ futreheavy.pxj
03/30/2006 03:52 AM 4,028 GOSHIN~1.PXJ goshineedtoquit.pxj
03/13/2006 12:25 AM 720 HALOWE~1.RTF haloweaponiam.rtf
10/10/2005 03:10 AM 4,572 HEFTYF~2.PXJ hefty fine trivium.pxj
09/25/2005 02:53 AM 4,714 HEFTYF~1.PXJ hefty fine.pxj
11/22/2005 01:58 AM 560 HOWTOD~1.RTF Howtodownloadvidsfromembeddedsites.rtf
01/16/2006 03:04 AM 269 HUMANF~1.RTF Human for sale.rtf
02/01/2006 12:41 AM 552 INFLAM~1.RTF In Flames Setlist.rtf
03/05/2006 10:58 PM <DIR> INCOMP~1 Incomplete
06/02/2005 08:28 PM 461 INEEDS~1.RTF ineedscicssors.rtf
11/05/2004 10:43 PM 4,325,476 instbde.zip
11/11/2004 08:03 PM 46,361 INVENT~1.TXT InventSave.txt
02/18/2005 09:46 PM 8,135 JAQUEL~1.DEK Jaqueline Windson.dek
04/01/2006 06:38 AM 288 LANDSP~1.RTF landspeeder.rtf
04/01/2006 02:24 AM 164 LIVEJA~1.RTF livejasmincoolbabe.rtf
11/04/2005 09:45 PM 1,977 LOVEME~1.RTF love me's phone number..rtf
10/18/2004 09:49 PM 3,366 mc.pxj
10/22/2004 12:56 AM 4,187 mc2.pxj
06/19/2005 01:47 PM 2,447 mcdonapp.rtf
05/24/2005 05:18 PM 1,170 MEANTE~1.RTF meanteacher.rtf
09/25/2005 10:57 PM 2,821 METALQ~1.RTF metal quizzes.rtf
03/31/2006 01:32 AM 3,247 MNEMIC~1.PXJ mnemicmix.pxj
12/09/2005 02:45 AM <DIR> MORPHE~2 Morpheus Playlists
12/09/2005 02:45 AM <DIR> MORPHE~1 Morpheus Shared
09/30/2004 08:32 PM <DIR> MYEBOO~1 My eBooks
04/25/2006 06:10 PM <DIR> MYMUSI~1 My Music
12/01/2004 07:38 PM <DIR> MYPHOT~1 My PhotoMix
04/25/2006 11:43 PM <DIR> MYPICT~1 My Pictures
08/25/2004 06:16 PM <DIR> MYPSP8~1 My PSP8 Files
04/23/2006 01:42 AM <DIR> MYRECE~1 My Received Files
01/04/2005 01:21 AM <DIR> MYWALL~1 My Wallpapers
07/13/2005 03:53 PM 3,687 MYSPAC~2.RTF myspace quizzes.rtf
06/29/2005 02:15 AM 160 MYSPAC~1.RTF myspacemetalprogress.rtf
02/28/2006 04:25 AM 917 MYSPAC~3.RTF myspaceprofilestuff.rtf
03/15/2005 12:28 AM 364 PASSWO~1.RTF password....rtf
04/22/2006 01:16 AM 240 PROFIL~1.RTF profile song results.rtf
02/01/2005 11:00 PM 2,852 RAMMST~1.PXJ rammstein- live in prauge1.pxj
02/01/2005 11:01 PM 1,040 RAMMST~2.PXJ rammstein- live in prauge2.pxj
02/23/2005 01:55 PM 442 Rules.dat
03/23/1999 11:12 AM 45,312 SETUP.EXE
10/16/2001 12:37 PM 63 SETUP.INI
04/08/1999 01:26 PM 81,342 SETUP.INS
10/16/2001 12:37 PM 606 SETUP.PKG
12/17/2005 06:15 AM 4,113 SOILWO~1.PXJ soilwork sampler.pxj
02/11/2006 03:34 AM 3,399 SOILWO~2.PXJ soilwork sampler2.pxj
04/25/2005 12:04 AM 3,960 SOUNTR~1.PXJ sountrackofmind.pxj
07/28/2005 03:49 AM 960 STEWIE~1.RTF stewienovel..rtf
04/25/2006 04:56 PM 112 STUPID~1.TXT stupidpopupcrap.txt
03/06/2006 02:51 AM 3,676 SYLLIV~1.PXJ syl live.pxj
11/17/2004 12:12 AM 4,654 TEAMBL~1.PXJ teambloodhound.pxj
11/04/2005 05:56 AM 4,560 TENACI~1.PXJ tenaciousd.pxj
02/19/2005 01:40 AM 1,229 TEPHER~1.RTF tepheroth.rtf
01/04/2006 02:49 AM 605 THEBES~1.RTF The best Chuck Norris.rtf
09/15/2004 08:38 PM 2,656 THESET~2.RTF the set insert.rtf
09/15/2004 07:09 PM 991 THESET~1.RTF the set.rtf
03/28/2005 06:44 PM 3,602 TOKYOW~1.PXJ tokyowarhearts.pxj
04/18/2006 04:01 PM 541 TORREN~1.RTF Torrentsimple.rtf
04/22/2006 05:10 AM 3,303 trivium.pxj
03/01/2005 03:25 PM 4,016,640 WARLOR~1.EXE WarlordCE.exe
10/08/2005 03:50 PM 4,300 WOOKIE~1.RTF wookie life debt.rtf
03/23/1999 11:12 AM 294,079 _INST32I.EX_
03/23/1999 11:12 AM 8,192 _ISDEL.EXE
10/16/2001 12:37 PM 3,832,090 _SETUP.1
03/23/1999 11:12 AM 6,128 _SETUP.DLL
10/16/2001 12:37 PM 219,713 _SETUP.LIB
04/27/2006 04:08 PM <DIR> ASKS~1 çasks
110 File(s) 31,558,276 bytes
15 Dir(s) 28,982,636,544 bytes free
Volume in drive C has no label.
Volume Serial Number is C840-0034

Directory of C:\WINDOWS

04/26/2006 03:04 PM <DIR> .
04/26/2006 03:04 PM <DIR> ..
04/27/2006 04:08 PM 0 0.LOG
07/17/2004 11:40 AM 19,528 002291_.tmp
09/09/2004 04:22 PM 35 A4W.INI
09/09/2004 04:22 PM <DIR> A4W_DATA
08/25/2004 05:51 PM <DIR> ADDINS
10/03/2004 01:56 PM <DIR> AppPatch
09/09/2004 04:26 PM 45,750 Aware40.mch
09/10/2004 08:19 PM 52 Blink.ini
08/29/2002 03:00 AM 1,272 Blue Lace 16.bmp
09/20/2004 05:16 PM <DIR> Cache
03/02/2006 12:03 AM 21,801 cdPlayer.ini
08/29/2002 03:00 AM 82,944 CLOCK.AVI
10/03/2004 01:51 PM 200 cmsetacl.log
10/17/2005 10:26 PM 17,632 Coffee Bean.bmp
12/17/2004 04:24 PM 1,450 COM+.log
04/26/2006 03:01 AM 147,541 COMSETUP.LOG
08/25/2004 05:51 PM <DIR> Config
08/25/2004 05:51 PM <DIR> Connection Wizard
09/03/2002 06:59 AM 0 CONTROL.INI
01/06/2004 09:59 PM 28,458 corelpf.lrs
08/25/2004 05:51 PM <DIR> Cursors
03/09/2005 12:31 AM <DIR> Debug
03/11/2005 01:08 AM 9 Debug.ini
06/10/2002 08:26 AM 787,512 DELL.BMP
08/25/2004 05:52 PM <DIR> DellPCH
08/29/2002 03:00 AM 2 DESKTOP.INI
08/25/2004 06:03 PM 58,209 DirectX.log
10/17/2004 05:50 PM 6,749 DJBDRV.LOG
03/14/2004 11:04 PM 98,352 dla.exe
09/20/2004 05:15 PM <DIR> Downloaded Installations
08/25/2004 05:51 PM <DIR> Driver Cache
10/03/2004 01:58 PM 743 DtcInstall.log
10/03/2004 01:35 PM <DIR> EHome
08/04/2004 12:56 AM 1,032,192 explorer.exe
08/29/2002 03:00 AM 80 EXPLORER.SCF
04/26/2006 03:01 AM 431,668 FaxSetup.log
08/29/2002 03:00 AM 16,730 FeatherTexture.bmp
04/24/2006 01:21 AM 30 Gnucleus.INI
08/29/2002 03:00 AM 17,336 Gone Fishing.bmp
08/29/2002 03:00 AM 26,582 Greenstone.bmp
03/24/2004 12:31 PM 143,360 GTRemove.exe
04/22/2006 01:27 AM <DIR> Help
05/26/2005 04:22 PM 10,752 hh.exe
09/08/2004 05:46 PM 800 hpinfo.lnk
03/03/2003 07:24 AM 33,792 ieuninst.exe
04/26/2006 03:01 AM 63,984 IIS6.LOG
10/03/2004 01:49 PM <DIR> IME
04/17/2006 03:02 AM 1,374 imsins.BAK
04/26/2006 03:01 AM 1,374 imsins.log
10/29/1998 04:45 PM 306,688 IsUninst.exe
05/11/2004 08:01 AM 19,089 KB817611.LOG
05/11/2004 08:01 AM 22,326 KB823182.LOG
05/11/2004 08:01 AM 21,602 KB825119.LOG
08/25/2004 06:09 PM 13,914 KB826939.log
05/11/2004 08:01 AM 22,656 KB826942.LOG
08/25/2004 06:08 PM 12,858 KB826959.log
08/25/2004 06:07 PM 2,439 KB828035.log
08/25/2004 06:07 PM 2,945 KB828741.log
10/12/2004 10:26 PM 7,226 KB834707.log
08/25/2004 06:07 PM 3,299 KB835732.log
08/25/2004 06:10 PM 17,713 KB837001.log
09/14/2004 07:29 PM 5,716 KB842773.log
02/13/2005 04:05 AM 13,135 KB867282.log
02/13/2005 04:04 AM 13,237 KB873333.log
12/15/2004 01:28 AM 10,121 KB873339.log
06/17/2005 03:03 AM 17,234 KB883939.log
02/13/2005 04:06 AM 17,446 KB885250.log
12/15/2004 01:28 AM 10,920 KB885835.log
12/15/2004 01:29 AM 10,136 KB885836.log
12/15/2004 01:28 AM 6,447 KB886185.log
02/13/2005 04:06 AM 17,286 KB887472.log
02/23/2005 02:40 AM 9,594 KB887742.log
02/13/2005 04:06 AM 17,198 KB888113.log
02/13/2005 04:03 AM 10,586 KB888302.log
06/17/2005 03:01 AM 11,023 KB890046.log
02/13/2005 04:04 AM 11,278 KB890047.log
01/12/2005 01:05 AM 9,669 KB890175.log
04/13/2005 10:32 PM 14,349 KB890859.log
04/13/2005 10:32 PM 16,542 KB890923.log
02/13/2005 04:05 AM 16,602 KB891781.log
06/17/2005 03:01 AM 26,034 KB893066.log
04/13/2005 10:32 PM 13,139 KB893086.log
08/10/2005 04:45 PM 18,608 KB893756.log
04/13/2005 10:31 PM 8,219 KB893803.log
05/19/2005 12:31 AM 7,738 KB893803v2.log
08/10/2005 04:44 PM 14,765 KB894391.log
06/17/2005 03:02 AM 11,187 KB896358.log
06/17/2005 03:03 AM 15,608 KB896422.log
08/10/2005 04:45 PM 18,023 KB896423.log
11/09/2005 04:02 AM 12,809 KB896424.log
06/17/2005 03:01 AM 10,189 KB896428.log
10/16/2005 03:01 AM 16,610 KB896688.log
08/10/2005 04:45 PM 19,465 KB896727.log
06/17/2005 03:01 AM 4,571 KB898458.log
06/29/2005 03:01 AM 6,852 KB898461.log
08/10/2005 04:46 PM 19,070 KB899587.log
08/10/2005 04:44 PM 14,847 KB899588.log
08/10/2005 04:45 PM 18,504 KB899591.log
04/26/2006 03:01 AM 12,243 KB900485.log
10/16/2005 03:01 AM 14,484 KB900725.log
10/16/2005 03:02 AM 22,949 KB901017.log
02/18/2006 04:02 AM 10,863 KB901190.log
07/14/2005 03:01 AM 11,037 KB901214.log
10/16/2005 03:01 AM 25,449 KB902400.log
07/14/2005 03:01 AM 3,834 KB903235.log
10/16/2005 03:00 AM 11,932 KB904706.log
10/16/2005 03:01 AM 14,504 KB905414.log
10/16/2005 03:00 AM 11,772 KB905749.log
12/17/2005 04:02 AM 32,467 KB905915.log
01/11/2006 04:01 AM 10,032 KB908519.log
04/17/2006 03:02 AM 15,572 KB908531.log
12/17/2005 04:02 AM 18,095 KB910437.log
04/17/2006 03:01 AM 14,644 KB911562.log
02/18/2006 04:02 AM 7,558 KB911564.log
02/18/2006 04:02 AM 7,787 KB911565.log
04/17/2006 03:00 AM 10,638 KB911567.log
02/18/2006 04:02 AM 11,572 KB911927.log
04/17/2006 03:01 AM 17,339 KB912812.log
01/06/2006 04:00 AM 11,059 KB912919.log
02/18/2006 04:01 AM 7,294 KB913446.log
04/24/2006 01:32 AM 0 keyboard131.dat
10/03/2004 01:49 PM <DIR> Media
08/25/2004 06:10 PM <DIR> Microsoft.NET
04/27/2006 04:07 PM 3,710 ModemLog_Intel® 537EP V9x DF PCI Modem.txt
02/06/2006 07:00 PM 3,774 mozver.dat
06/17/2005 03:09 AM <DIR> MSAGENT
08/25/2004 05:51 PM <DIR> MSAPPS
08/29/2002 03:00 AM 1,405 MSDFMAP.INI
04/26/2006 03:01 AM 21,469 MSGSOCM.LOG
11/04/2004 09:55 PM 4,684 msnavpklog.txt
09/09/2004 10:24 PM 2 msoffice.ini
08/25/2004 05:51 PM <DIR> MUI
09/13/2004 09:03 PM 45,056 NCUNINST.EXE
03/05/2006 02:29 AM 183,296 NDNuninstall7_22.exe
04/24/2006 01:33 AM 53 nnleon.dat
09/19/2005 03:32 PM <DIR> Noslip
08/04/2004 12:56 AM 69,120 notepad.exe
08/25/2004 06:13 PM 335 nsreg.dat
09/09/2004 09:47 PM 590 nsw.log
04/27/2006 11:21 PM 481,262 ntbtlog.txt
04/26/2006 03:01 AM 89,979 ntdtcsetup.log
04/26/2006 03:01 AM 222,825 OCGEN.LOG
04/26/2006 03:01 AM 23,437 OCMSN.LOG
04/15/2005 03:42 PM 140 ODBC.INI
09/03/2002 06:59 AM 4,161 ODBCINST.INI
07/07/2003 10:41 AM 33,792 oeuninst.exe
10/03/2004 11:30 PM 2,558 OEWABLog.txt
08/25/2004 05:51 PM <DIR> Offline Web Pages
09/03/2002 07:05 AM 52 OOBEACT.LOG
01/06/2006 02:30 AM 0 OpPrintServer.INI
05/11/2004 08:02 AM 780 ORUN32.INI
05/11/2004 08:02 AM 203,055 ORUN32.ISU
04/27/2006 04:16 PM 349 paxya.dll
02/20/2005 03:11 AM <DIR> PCHealth
10/03/2004 01:49 PM <DIR> peernet
04/24/2006 01:32 AM 232,749 pf78.exe
08/29/2002 03:00 AM 65,954 Prairie Wind.bmp
04/27/2006 04:16 PM <DIR> Prefetch
10/03/2004 01:49 PM <DIR> provisioning
05/11/2004 07:59 AM 7,432 Q327979.LOG
05/11/2004 08:00 AM 14,504 Q328213.LOG
05/11/2004 08:00 AM 16,590 Q329112.LOG
08/25/2004 06:09 PM 19,197 q329623.log
05/11/2004 07:58 AM 4,491 Q329909.LOG
05/11/2004 07:58 AM 543 Q331060.LOG
05/11/2004 07:59 AM 8,853 Q811789.LOG
08/25/2004 06:07 PM 9,051 q812415.log
05/11/2004 07:59 AM 13,034 Q813862.LOG
05/11/2004 08:00 AM 16,359 Q816486.LOG
05/11/2004 07:59 AM 11,849 Q816981.LOG
05/11/2004 08:00 AM 18,478 Q817472.LOG
03/02/2006 12:52 AM 1,409 QTFont.for
08/04/2004 12:56 AM 146,432 regedit.exe
08/25/2004 06:00 PM <DIR> RegisteredPackages
12/17/2004 04:07 PM <DIR> Registration
09/03/2002 07:05 AM 8,192 REGLOCS.OLD
09/08/2004 05:34 PM 2,242 REGOPT.LOG
08/25/2004 06:23 PM <DIR> REPAIR
08/25/2004 05:51 PM <DIR> Resources
08/29/2002 03:00 AM 17,362 Rhododendron.bmp
08/29/2002 03:00 AM 26,680 River Sumida.bmp
08/29/2002 03:00 AM 65,832 Santa Fe Stucco.bmp
04/27/2006 04:18 PM 32,618 SchedLgU.Txt
10/08/2004 12:52 AM <DIR> SECURITY
10/03/2004 01:45 PM <DIR> ServicePackFiles
10/03/2004 01:50 PM 3,631 sessmgr.setup.log
02/04/2006 04:22 AM 831,488 Setup1.exe
09/14/2004 07:29 PM 192,476 SETUPACT.LOG
04/26/2006 10:08 PM 663,205 setupapi.log
09/15/2004 08:48 PM 2,939,488 setupapi.log.0.old
09/08/2004 05:33 PM 143 SETUPERR.LOG
10/03/2004 01:58 PM 856,478 SETUPLOG.TXT
09/15/2004 08:48 PM <DIR> ShellNew
04/24/2006 01:32 AM 38,650 sk02.exe
08/04/2004 12:56 AM 32,866 slrundll.exe
08/25/2004 06:23 PM 61 smscfg.ini
10/17/2005 10:26 PM 66,548 Soap Bubbles.bmp
06/30/2005 10:58 PM <DIR> SoftwareDistribution
02/18/2006 04:09 AM 29,770 spupdsvc.log
10/03/2004 01:45 PM <DIR> SRCHASST
02/04/2006 04:22 AM 73,216 ST6UNST.EXE
09/03/2002 06:53 AM 0 Sti_Trace.log
09/10/2004 12:25 AM <DIR> Sun
10/03/2004 01:55 PM 410,104 svcpack.log
01/12/2006 02:13 PM 98,304 SYSC00.exe
04/25/2006 09:14 PM <DIR> SYSTEM
04/25/2006 01:48 AM 281 SYSTEM.INI
08/29/2002 03:00 AM 15,360 TASKMAN.EXE
04/27/2006 04:08 PM <DIR> Temp
11/07/2004 06:03 PM 16 Temp.ini
04/26/2006 03:01 AM 167,310 TSOC.LOG
08/29/2002 03:00 AM 94,784 TWAIN.DLL
08/25/2004 06:16 PM <DIR> TWAIN_32
08/04/2004 12:56 AM 50,688 twain_32.dll
08/29/2002 03:00 AM 49,680 TWUNK_16.EXE
08/29/2002 03:00 AM 25,600 TWUNK_32.EXE
12/08/2000 10:59 PM 122,880 UnGins.exe
01/12/2006 02:25 PM 49,152 unin101.exe
03/23/1999 11:12 AM 299,520 uninst.exe
01/27/2006 11:20 AM 479 Uninst2.htm
12/10/2005 05:01 AM 107,132 UninstallFirefox.exe
10/10/2005 04:29 PM 510 Unist1.htm
01/27/2006 11:10 AM 53,248 uni_eh.exe
11/10/1999 10:05 AM 86,016 unvise32qt.exe
06/25/1999 10:55 AM 149,504 UNWISE.EXE
04/24/2006 01:34 AM 78,336 unwn.exe
04/17/2006 03:02 AM 29,154 updspapi.log
09/03/2002 06:56 AM 36 VB.INI
09/03/2002 06:56 AM 37 VBADDIN.INI
08/29/2002 03:00 AM 18,944 VMMREG32.DLL
05/11/2004 08:02 AM 13,590 VMUNINST.LOG
04/24/2006 01:34 AM 0 wallpap.exe
10/03/2004 01:41 PM <DIR> Web
04/27/2006 04:18 PM 216 WIADEBUG.LOG
04/27/2006 04:18 PM 49 WIASERVC.LOG
10/03/2004 01:51 PM 503 WIN.INI
01/27/2006 11:43 AM 135,168 win320840-9353297.exe
09/08/2004 07:39 PM 836 Windows Update.log
04/27/2006 04:18 PM 1,478,504 WindowsUpdate.log
08/29/2002 03:00 AM 256,192 WINHELP.EXE
08/04/2004 12:56 AM 283,648 winhlp32.exe
08/25/2004 06:13 PM 138 wininit.ini
10/05/2005 09:21 PM <DIR> WinSxS
04/22/2006 02:28 AM 167,888 wmsetup.log
02/10/2006 12:37 AM 316,640 WMSysPr9.prx
08/25/2004 06:14 PM 299,552 WMSysPrx.prx
12/12/1989 10:10 AM 616,240 wtjvcmf.exe_tobedeleted
08/25/2004 06:10 PM 7,030 XPSP1HFM.LOG
04/19/2006 01:05 AM 39,424 YAXUninst.exe
08/29/2002 03:00 AM 9,522 Zapotec.bmp
08/29/2002 03:00 AM 707 _DEFAULT.PIF
04/24/2006 05:31 PM <DIR> ?icrosoft.NET
04/19/2006 01:05 AM <DIR> ?racle
211 File(s) 17,745,606 bytes
44 Dir(s) 28,982,628,352 bytes free

EWIDO LOG:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:36:13 AM, 4/28/2006
+ Report-Checksum: 1907D0CF

+ Scan result:

[656] C:\WINDOWS\system32\nftfxperf.dll -> Adware.Look2Me : Error during cleaning
[816] C:\WINDOWS\system32\nftfxperf.dll -> Adware.Look2Me : Error during cleaning
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP537\A0052404.exe -> Worm.VB.ca : Cleaned with backup
C:

#4 metalgeek

Posted 28 April 2006 - 04:33 AM

oops...here's the rest...

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055324.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055326.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055327.exe -> Adware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055328.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055331.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055336.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055370.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055374.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055381.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\SYSTEM32\byackbox.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\crmpatui.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\csprops.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DBDRM.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\guard.tmp_tobedeleted -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\h04m0ah1ed4.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\hp55CD.tmp -> Downloader.Zlob.lt : Cleaned with backup
C:\WINDOWS\SYSTEM32\hp8214.tmp -> Downloader.Zlob.lt : Cleaned with backup
C:\WINDOWS\SYSTEM32\hpA582.tmp -> Downloader.Zlob.lt : Cleaned with backup
C:\WINDOWS\SYSTEM32\KLDLA.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mvnul9591.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ncdll.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\r06u0aj9edo.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ubiplat.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wdgvu.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\SYSTEM32\xenadot.dll -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Temp\bilcecfd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\cfejlkmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\Cookies\dane@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\dane@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Temp\eaaegmmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\edmkmpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ejdbfcgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\fecelagd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jdlhanmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jjpmcomd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lgldhdgd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\X7R0JOVS\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Temp\win1CA.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win2C.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win2F.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win79.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winD6.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\win320840-9353297.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\wtjvcmf.exe_tobedeleted -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup


::Report End

LOOK2me:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/28/2006 1:58:04 AM

Infected! C:\WINDOWS\system32\dnlq0135e.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055387.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055388.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055389.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055391.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055393.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055394.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055395.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055396.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055405.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055409.dll
Infected! C:\WINDOWS\SYSTEM32\cwmrepl.dll
Infected! C:\WINDOWS\SYSTEM32\dnlq0135e.dll
Infected! C:\WINDOWS\SYSTEM32\fpr0039me.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\dnlq0135e.dll
C:\WINDOWS\system32\dnlq0135e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055387.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055387.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055388.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055388.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055389.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055389.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055391.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055391.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055393.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055393.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055394.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055394.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055395.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055395.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055396.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055396.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055405.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055405.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055409.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0055409.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\cwmrepl.dll
C:\WINDOWS\SYSTEM32\cwmrepl.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dnlq0135e.dll
C:\WINDOWS\SYSTEM32\dnlq0135e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\fpr0039me.dll
C:\WINDOWS\SYSTEM32\fpr0039me.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8112C7F1-27A6-454E-BFC5-325E6A7E0009}"
HKCR\Clsid\{8112C7F1-27A6-454E-BFC5-325E6A7E0009}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{73C3F66E-C2F5-48AA-9251-C07B9A11A119}"
HKCR\Clsid\{73C3F66E-C2F5-48AA-9251-C07B9A11A119}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9F64BF8C-6B42-4B73-A818-78C7D9F779CD}"
HKCR\Clsid\{9F64BF8C-6B42-4B73-A818-78C7D9F779CD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{27E17104-C51B-473F-BF56-2D8F50027E91}"
HKCR\Clsid\{27E17104-C51B-473F-BF56-2D8F50027E91}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6426B5FD-7325-4816-9F2A-3664B57D7334}"
HKCR\Clsid\{6426B5FD-7325-4816-9F2A-3664B57D7334}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A62E27BA-4B61-4DD9-9F1A-C66936367AB5}"
HKCR\Clsid\{A62E27BA-4B61-4DD9-9F1A-C66936367AB5}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

QOOL:

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check "vdd REG_MULTI_SZ \0"

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\virtualdevicedrivers
vdd REG_MULTI_SZ \0
.....
End vxd check
Please post this in the forum

#5 -David-

Posted 28 April 2006 - 12:31 PM

Hi metalgeek

Please download and run the following tool:
http://www.visualtour.com/downloads/xp_fix.exe

Then please run FindQoo once more and post the log it creates.
David

#6 metalgeek

Posted 28 April 2006 - 05:12 PM

Here you go...

Fri 04/28/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

Known file names

MD5 Check....
C:\WINDOWS\system32\wdgvu.dat
C:\WINDOWS\system32\rfqrin.exe
C:\WINDOWS\system32\ioivi.exe
C:\WINDOWS\system32\xmqsavg.dll
C:\WINDOWS\system32\skoatsv.exe

Files found with locate com.
C:\WINDOWS\SYSTEM32\SKOATSV.EXE
C:\WINDOWS\SYSTEM32\XMQSAVG.DLL
C:\WINDOWS\SYSTEM32\WDGVU.DAT
C:\WINDOWS\SYSTEM32\RFQRIN.EXE
C:\WINDOWS\SYSTEM32\IOIVI.EXE
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\JMDSP.EXE
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
04/28/2006 12:04 AM 127,488 jmdsp.exe
...

HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}

...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"qwujil"="C:\\WINDOWS\\system32\\rfqrin.exe reg_run"
HKCU
"ntclk"="C:\\WINDOWS\\system32\\rfqrin.exe reg_run"
...

Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe, C:\WINDOWS\system32\ioivi.exe
userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,skoatsv.exe
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006

#7 -David-

Posted 28 April 2006 - 05:23 PM

Hey metalgeek!

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :thumbsup:

* Download KillBox from here
Unzip the folder to your desktop.
Don't run it yet.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,skoatsv.exe


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

Please open notepad and copy and paste the next bold text in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}]

Save this as "fix.reg". Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Start Killbox.exe
* Select the Delete on Reboot option.
* Click on the All Files button.
* Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\wdgvu.dat
C:\WINDOWS\system32\rfqrin.exe
C:\WINDOWS\system32\ioivi.exe
C:\WINDOWS\system32\xmqsavg.dll
C:\WINDOWS\system32\skoatsv.exe
C:\WINDOWS\SYSTEM32\SKOATSV.EXE
C:\WINDOWS\SYSTEM32\XMQSAVG.DLL
C:\WINDOWS\SYSTEM32\WDGVU.DAT
C:\WINDOWS\SYSTEM32\RFQRIN.EXE
C:\WINDOWS\SYSTEM32\IOIVI.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\jmdsp.exe
C:\WINDOWS\system32\nftfxperf.dll


* Go to the File menu of Killbox, and choose Paste from Clipboard.
NOTE: You must use the File menu--pasting by right-clicking the mouse will only enter one file.
* Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

The infection you have is PurityScan, which does a pretty nasty trick of using ? question marks to hide letters of folders. We have to delete 5 rogue folders in your C:\Windows folder. Please navigate to this folder now.

The folders you are looking for do not actually have question marks in them when you see them in the folder, and will have a letter in place of them. So I want you to find and delete the following folders in your C:\Windows directory:

?racle <--most likely to be 'Oracle'
?icrosoft.NET <--most likely to be 'Microsoft.NET'

So the question mark will be replaced by a letter that most likely creates a word. E.g. in ?icrosoft.NET the question mark will most likely hide the 'M' to make the folder name 'Microsoft.NET'. In addition, the ?racle will mostly have the question mark in place of an 'O' to make the word tasks. Pretty simple I suppose.
If you get two folders under the same name, e.g. if you find two folders named "Microsoft.NET", then please leave them and let me know those folder names. I'm pretty sure you won't find any duplicates but let me know if you do. This infection is pretty new so I'm still getting used to it, so if you don't really understand then let me know and I'll get someone to try and explain it a bit better for you :flowers:

Please reboot your computer and post a new Hijackthis log.
David
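
The check described in the post above can also be done by script rather than by eye. This is an added example, not part of the original thread or of any tool named in it. It assumes the hidden letter is a non-ASCII lookalike character that an ASCII-only log prints as "?"; the Cyrillic sample names are constructed, since the thread does not say which characters were used.

```python
import os
import unicodedata


def ansi_view(name):
    """Render a name the way an ASCII-only log does: non-ASCII chars become '?'."""
    return name.encode("ascii", errors="replace").decode("ascii")


def fits_mask(masked, candidate):
    """True if candidate matches masked, where '?' stands for any one character."""
    return len(masked) == len(candidate) and all(
        m == "?" or m.lower() == c.lower() for m, c in zip(masked, candidate)
    )


def find_lookalikes(dir_names):
    """Report every folder name that contains non-ASCII characters.

    Each finding carries the '?' form a log would show, the exact code points
    that were hidden, and any plain-ASCII sibling ("twin") that the masked
    name could be mistaken for. A non-empty twin list is the strong signal:
    two folders that look the same but are different strings.
    """
    names = list(dir_names)
    ascii_names = [n for n in names if n.isascii()]
    findings = []
    for name in names:
        if name.isascii():
            continue
        masked = ansi_view(name)
        findings.append({
            "name": name,
            "masked": masked,
            "codepoints": [
                "U+%04X %s" % (ord(c), unicodedata.name(c, "UNNAMED"))
                for c in name if ord(c) > 127
            ],
            "twins": [a for a in ascii_names if fits_mask(masked, a)],
        })
    return findings


def scan_dir(path):
    """Run the check over the sub-folders of a real directory, e.g. C:\\Windows."""
    return find_lookalikes(e.name for e in os.scandir(path) if e.is_dir())


# Constructed sample: a C:\Windows listing with one genuine Microsoft.NET and
# two folders whose first letter is a Cyrillic lookalike (assumed, see lead-in).
SAMPLE = [
    "Microsoft.NET",
    "\u041cicrosoft.NET",   # Cyrillic capital EM instead of Latin M
    "\u041eracle",          # Cyrillic capital O instead of Latin O
    "system32",
    "Temp",
]

if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE):
        print(f["masked"], f["codepoints"], "twin of:", f["twins"] or "none")
```

A legitimately localized folder name is reported too, so the code points and the twin list are what decide whether a finding is suspicious.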

#8 metalgeek

Posted 28 April 2006 - 06:01 PM

There are 2 folders named "Microsoft.NET". One says that it is empty, the other says that it is 40.1 MB.
There's only one "Oracle".

Should I delete the one Oracle? (that sounds funny)

#9 -David-

Posted 29 April 2006 - 04:58 AM

Excellent and thanks for posting that info.
Please delete the Oracle folder and the Microsoft.NET folder that doesn't contain anything. Then please continue with the instructions.
David :thumbsup:

#10 metalgeek

Posted 29 April 2006 - 05:14 PM

Alright, new HJT:

Logfile of HijackThis v1.99.1
Scan saved at 3:07:01 AM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Dane\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,skoatsv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

#11 -David-

Posted 02 May 2006 - 12:11 PM

Alrighty, let's get down to business.

Download Brute Force Uninstaller to your C:\
  • Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
  • Download qoofix.bat (right-click on this link and choose save as)
  • Place qoofix.bat in your C:\BFU - folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.
David

#12 metalgeek

Posted 02 May 2006 - 05:03 PM

New HJT:

Logfile of HijackThis v1.99.1
Scan saved at 2:58:52 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Dane\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [qwujil] C:\WINDOWS\system32\rfqrin.exe reg_run
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ntclk] C:\WINDOWS\system32\rfqrin.exe reg_run
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

#13 -David-

Posted 03 May 2006 - 10:27 AM

Hey there,
Please run FindQool again and post its log.
David

#14 metalgeek

Posted 03 May 2006 - 04:16 PM

:thumbsup:

Wed 05/03/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

Known file names

MD5 Check....

Files found with locate com.
C:\WINDOWS\SYSTEM32\RFQRIN.EXE
C:\WINDOWS\SYSTEM32\IOIVI.EXE
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
...


...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"qwujil"="C:\\WINDOWS\\system32\\rfqrin.exe reg_run"
HKCU
"ntclk"="C:\\WINDOWS\\system32\\rfqrin.exe reg_run"
...

Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe
userinit REG_SZ C:\WINDOWS\system32\Userinit.exe,
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006
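
The Winlogon "shell" and "userinit" lines are the part of these logs that shows whether anything extra still starts at every logon. The following is an added example, not part of the original thread or of FindQool or HijackThis: it parses both log styles quoted in this topic and reports entries beyond the stock ones. The sample lines are copied from the logs above; the baseline assumes Windows is installed in C:\WINDOWS, as it is in those logs.

```python
import re

# Stock contents of the two Winlogon values on this Windows XP system
# (lower-cased). Assumption: system root is C:\WINDOWS, as in the thread's logs.
ALLOWED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
}

# Accepts both formats that appear in this topic:
#   HijackThis: F2 - REG:system.ini: Shell=Explorer.exe, C:\...\ioivi.exe
#   FindQool:   shell REG_SZ Explorer.exe, C:\...\ioivi.exe
LINE_RE = re.compile(
    r"^(?:F2 - REG:system\.ini:\s*)?(shell|userinit)\s*(?:=|\s+REG_SZ\s+)(.*)$",
    re.IGNORECASE,
)


def extra_winlogon_entries(line):
    """Return (value_name, [unexpected entries]) or None if the line is unrelated.

    Both values are comma-separated lists; every entry in them is launched at
    logon. The stock Userinit value ends with a comma, so empty entries are
    dropped rather than reported.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = m.group(1).lower()
    entries = [e.strip().strip('"') for e in m.group(2).split(",")]
    extras = [e for e in entries if e and e.lower() not in ALLOWED[name]]
    return name, extras


def audit(log_text):
    """Scan a whole log and keep only the lines that carry unexpected entries."""
    findings = []
    for line in log_text.splitlines():
        parsed = extra_winlogon_entries(line)
        if parsed and parsed[1]:
            findings.append(parsed)
    return findings


# Lines copied from the 28 April FindQool log and the HijackThis log that followed.
BEFORE = r"""Files In Winlogon shell and userinit
shell REG_SZ Explorer.exe, C:\WINDOWS\system32\ioivi.exe
userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,skoatsv.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ioivi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,skoatsv.exe"""

# Lines copied from the 3 May FindQool log.
AFTER = r"""Files In Winlogon shell and userinit
shell REG_SZ Explorer.exe
userinit REG_SZ C:\WINDOWS\system32\Userinit.exe,"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(log) or "only stock entries")
```

A clean result here covers only the two Winlogon values; the Run keys listed in the same log are a separate autostart location and are not examined by this check.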

#15 -David-

Posted 04 May 2006 - 10:45 AM

Hello there,

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :thumbsup:

* Please delete any previous versions of Killbox you had.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

O4 - HKLM\..\Run: [qwujil] C:\WINDOWS\system32\rfqrin.exe reg_run
O4 - HKCU\..\Run: [ntclk] C:\WINDOWS\system32\rfqrin.exe reg_run


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Download KillBox from here
- Click killbox.exe.
- Select the option "Delete on reboot".
- Click the button: All Files (!important!)
- Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\system32\RFQRIN.EXE
C:\WINDOWS\system32\IOIVI.EXE
C:\WINDOWS\system32\rfqrin.exe


- Open 'File' in the Killbox menu on top and choose Paste from clipboard
- Then press the button that looks like a red circle with a white X in it.
- Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
- If you don't get that message, reboot manually.
- Your computer should reboot now.

Ignore the errors you'll get after reboot, that's normal, they will be gone after performing next steps.

Please post back with a new Hijackthis log.
David



