
Infected With Respawning Processes


  • This topic is locked
14 replies to this topic

#1 Charlamagne

Charlamagne

  • Members

Posted 07 April 2007 - 01:57 PM

Hello, my name is Chuck. I've been dealing with this problem for about 3 weeks now. It started off with letting me stay on my computer for intervals of two hours at a time, then it would lock up. I noticed processes called iexplore.exe & IEXPL0RE.exe that would respawn and take up memory. I did some searching on it and found it was a trojan, but information was scarce and I found I could not trust so many of these programs that claim they'll remove it. After talking to a friend, he recommended that I stop by BleepingComputer, and it has already helped a bit.

Actions that I have taken so far are pretty much scans with Norton (but I feel Norton doesn't do its job), Ad-Aware scans, and AVG 7.5. After I loaded AVG I felt problems only increased though; it would "Heal" many .exe that were probably infected, but now those programs are lost. So I just resorted to restoring my PC, which I did, but problems resurfaced within a few hours. A new respawning process showed up called dgd4bs.exe (huh?). And now I come to BleepingComputer half an hour after the 2nd try at restoring my PC.

I appreciate any help in advance, already very thankful to find this forum.


Logfile of HijackThis v1.99.1
Scan saved at 5:39:57 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Logo1_.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/divx6/new/en?rcv=1...dist=divxdotcom
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Program Files\Internet Explorer\IEXPL0RE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
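
The two names mentioned in the post above, iexplore.exe and IEXPL0RE.exe, differ only by a zero standing in for the letter O. The following is an added example, not part of the original post, that scans HijackThis O4 (Run key) lines for image names imitating a well-known Windows binary. The `KNOWN_GOOD` baseline, the confusable-digit table and all function names are assumptions of this example; a hit is a prompt for review, not a verdict.

```python
"""Flag HijackThis O4 (Run key) autoruns whose image name imitates a Windows binary."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Short baseline of well-known Windows image names (an assumption of this
# example; extend it for real triage).
KNOWN_GOOD = ("iexplore.exe", "explorer.exe", "rundll32.exe", "svchost.exe",
              "winlogon.exe", "services.exe", "lsass.exe", "ctfmon.exe")

# Digits that pass for letters at a glance, as in IEXPL0RE.exe.
CONFUSABLE = str.maketrans("015", "ols")

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
UNQUOTED_IMAGE = re.compile(r"(.+?\.(?:exe|com|scr|bat))(?=\s|$)", re.IGNORECASE)

# O4 lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Program Files\Internet Explorer\IEXPL0RE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


class Finding(NamedTuple):
    hive: str       # HKLM or HKCU
    value: str      # name of the Run value
    image: str      # lower-cased file name of the program it starts
    resembles: str  # the baseline name it imitates
    reason: str


def image_name(command: str) -> Optional[str]:
    """Return the lower-cased executable file name from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]      # quoted path, arguments follow
    else:
        match = UNQUOTED_IMAGE.match(command)    # unquoted path may contain spaces
        if not match:
            return None
        path = match.group(1)
    return path.rsplit("\\", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str) -> Optional[Tuple[str, str]]:
    """Return (baseline name, reason) if name imitates a baseline entry."""
    if name in KNOWN_GOOD:
        return None                              # exact match is not a look-alike
    folded = name.translate(CONFUSABLE)
    for good in KNOWN_GOOD:
        if folded == good.translate(CONFUSABLE):
            return good, "digit-for-letter swap"
    for good in KNOWN_GOOD:
        if edit_distance(name, good) == 1:
            return good, "one character off"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis text and report O4 Run entries with look-alike names."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue
        hive, value, command = entry.groups()
        image = image_name(command)
        hit = lookalike_of(image) if image else None
        if hit:
            findings.append(Finding(hive, value, image, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} Run [{f.value}] -> {f.image} resembles {f.resembles} ({f.reason})")
```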


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 09 April 2007 - 01:34 PM

Hello Chuck,

I am SifuMike and I will be helping you. :thumbsup:

Looks like you have some viruses on your computer.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586-p.exe to install the newest version.

******************

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

******************

Download ATF (Atribune Temp File) Cleaner by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh HijackThis log.

Edited by SifuMike, 09 April 2007 - 01:46 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Charlamagne

Charlamagne
  • Topic Starter

  • Members

Posted 10 April 2007 - 03:18 PM

!! yes, all right.
atm on a friend's laptop for posting (. . )

anywhos glad to see a reply, plus going to add the current state of my PC. I've restored my PC a 3rd time. New problem that has come up is once i reach past the Login to Windows, i get to my desktop but no icons, no start button, nothing shows up except background. the way i've been getting around it is going to task manager and ending the explorer.exe process and running a new one. that fixes it temporarily but i still have the respawning process problems. going to head onto my PC now and take your advice into action! wish me luck o_o

edit: add: ok im at the stage for bitdefender, however. this virus shut down my computer 2hrs into the 8hr disinfection process :thumbsup:, just instant shutdown... anyways it takes 3-7 tries [of manually shutdown/then hitting power button] for it to at least get to the wallpaper w/o explorer screen. guess the only question i could ask at this point [and if an answer comes fast enough :3] is if i should try the next step ahead of bitdefender

for now i am going to try to do select locations to scan with bitdefender in the meantime

Edited by Charlamagne, 10 April 2007 - 08:49 PM.


#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 10 April 2007 - 09:42 PM

Hi Chuck,

If you can't get BitDefender to run to completion, then use Panda ActiveScan.
Note: This Scanner is for Internet Explorer Only!
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan
    (Note: It may take a couple of minutes, so be patient)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Please post the contents of Panda scan

Edited by SifuMike, 10 April 2007 - 09:44 PM.


#5 Charlamagne

Charlamagne
  • Topic Starter

  • Members

Posted 11 April 2007 - 09:12 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:16:36 AM 4/11/2090

+ Scan result:



C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006419.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006421.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006422.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006429.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006435.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006440.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006441.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006460.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006657.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006660.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006662.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006981.sys -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006982.sys -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015045.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015046.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015047.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015048.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015050.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015051.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015058.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015059.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015060.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015061.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015063.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015064.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015105.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015127.exe -> Adware.Cdnup : No action taken.
C:\WINDOWS\Temp\~az14y98.exe -> Adware.Cdnup : No action taken.
C:\WINDOWS\system32\setup.exe.tmp -> Adware.Cdnup : No action taken.
C:\Program Files\Common Files\do.exe -> Adware.Cinmus : No action taken.
C:\WINDOWS\bdc.exe -> Adware.Cinmus : No action taken.
C:\WINDOWS\system32\drivers\acpidisk.sys -> Adware.Cinmus : No action taken.
HKLM\SOFTWARE\ieagent -> Adware.ClearSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} -> Adware.Generic : No action taken.
C:\WINDOWS\system32\ieagent.exe -> Adware.IEAgent : No action taken.
C:\WINDOWS\system32\drivers\javascript.drv -> Adware.Mokead : No action taken.
C:\WINDOWS\system32\javascript.dll -> Adware.Mokead : No action taken.
C:\Documents and Settings\Me\Start Menu\Programs\backups\backup-20060729-105948-607.dll -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015244.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009839.dll -> Adware.Newweb : No action taken.
C:\WINDOWS\20289.exe -> Adware.NewWeb : No action taken.
C:\WINDOWS\system32\MyFavor32.dll -> Adware.Newweb : No action taken.
C:\WINDOWS\system32\MyFavor64.dll -> Adware.Newweb : No action taken.
C:\WINDOWS\system32\fsknyh17.dll -> Adware.Newweb : No action taken.
C:\WINDOWS\system32\inxkgs16.dll -> Adware.Newweb : No action taken.
C:\Program Files\Common Files\dm.exe -> Adware.WSearch : No action taken.
C:\Program Files\DeskAdTop\DeskUn.exe -> Adware.WSearch : No action taken.
C:\Program Files\DeskAdTop\Mrup.exe -> Adware.WSearch : No action taken.
C:\Program Files\DeskAdTop\deskipn.dll -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001843.exe -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001844.exe -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006403.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006410.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006631.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007047.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009837.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013712.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015020.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015073.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015089.sys -> Adware.WSearch : No action taken.
C:\WINDOWS\8.tmp -> Adware.WSearch : No action taken.
C:\WINDOWS\system32\drivers\usb8028.sys -> Adware.WSearch : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015285.dll -> Adware.YsBweb : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015286.dll -> Adware.YsBweb : No action taken.
C:\Program Files\DeskAdTop\Run.dll -> Adware.Zhongsou : No action taken.
C:\Program Files\DeskAdTop\fshook.dll -> Adware.Zhongsou : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003222.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004254.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004282.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004311.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004360.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006382.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006392.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006668.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006669.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006675.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP4\A0006683.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP4\A0006684.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP4\A0006685.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009662.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009666.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009676.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009680.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009682.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009688.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013661.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013664.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013689.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013694.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013695.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0014970.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0014972.DLL -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0014990.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0014991.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0014997.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015000.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015002.EXE -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015126.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015131.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015132.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015169.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015170.exe -> Backdoor.Agent.ahj : No action taken.
C:\WINDOWS\system32\1D3E9EB2.EXE -> Backdoor.Agent.ahj : No action taken.
C:\WINDOWS\system32\8FE9A30A.exe -> Backdoor.Agent.ahj : No action taken.
C:\WINDOWS\system32\93A3A6B6.DLL -> Backdoor.Agent.ahj : No action taken.
C:\WINDOWS\system32\93A3A6B6.EXE -> Backdoor.Agent.ahj : No action taken.
C:\WINDOWS\system32\k6397996405.exe -> Backdoor.Agent.ahj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006915.EXE/systemt.exe -> Backdoor.Agent.alh : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015182.exe/systemt.exe -> Backdoor.Agent.alh : No action taken.
C:\WINDOWS\SERVICES.EXE/systemt.exe -> Backdoor.Agent.alh : No action taken.
C:\WINDOWS\system32\ffyupe32.dll -> Backdoor.Agent.fo : No action taken.
C:\WINDOWS\system32\mtei32.dll -> Backdoor.Agent.fo : No action taken.
C:\WINDOWS\Temp\D942903C.exe -> Backdoor.Hupigon : No action taken.
C:\WINDOWS\G_Server2007.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\WINDOWS\system32\max1d1641.exe -> Dialer.GBDialer.i : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006458.exe -> Downloader.Adload.jm : No action taken.
C:\WINDOWS\system32\drivers\ndcia.sys -> Downloader.Agent.bcc : No action taken.
C:\WINDOWS\system32\trtbc.dll -> Downloader.Agent.bcc : No action taken.
[1068] C:\WINDOWS\system32\trtbc.dll -> Downloader.Agent.bcc : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006398.dll -> Downloader.Agent.bcd : No action taken.
C:\WINDOWS\system32\lsanp.dll -> Downloader.Agent.bcd : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006437.exe -> Downloader.Agent.bls : No action taken.
C:\WINDOWS\updater.exe -> Downloader.Agent.bls : No action taken.
C:\WINDOWS\g.exe -> Downloader.Banload.anp : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001678.exe -> Downloader.Delf.bas : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004308.exe -> Downloader.Delf.bas : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006998.exe -> Downloader.Delf.bas : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015116.exe -> Downloader.Delf.bas : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015175.exe -> Downloader.Delf.bas : No action taken.
C:\WINDOWS\system32\11761056252.exe -> Downloader.Delf.bas : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003219.DLL -> Downloader.Delf.qz : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004252.DLL -> Downloader.Delf.qz : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004280.DLL -> Downloader.Delf.qz : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004358.DLL -> Downloader.Delf.qz : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006380.DLL -> Downloader.Delf.qz : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009661.DLL -> Downloader.Delf.qz : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007040.dll -> Downloader.QQHe.ft : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009856.dll -> Downloader.QQHe.ft : No action taken.
C:\WINDOWS\system32\wbem\ocmor.dll -> Downloader.QQHe.ft : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004303.exe -> Downloader.QQHelper.es : No action taken.
C:\WINDOWS\system32\s_hh2.exe -> Downloader.QQHelper.es : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003210.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003244.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004243.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004271.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004317.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004320.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004349.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0005371.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006370.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006390.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006391.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006483.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006492.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006648.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006987.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006991.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006999.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007000.exe -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007647.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0008647.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009647.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0010648.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0011647.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0012647.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013647.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013956.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0014956.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015029.dll -> Downloader.Small : No action taken.
C:\WINDOWS\996.exe -> Downloader.Small : No action taken.
C:\WINDOWS\bdf.exe -> Downloader.Small : No action taken.
C:\WINDOWS\hy1002.exe -> Downloader.Small : No action taken.
C:\WINDOWS\jubao139.exe -> Downloader.Small : No action taken.
C:\WINDOWS\system32\bind_50099.exe -> Downloader.Small : No action taken.
C:\WINDOWS\system32\bind_50201.exe -> Downloader.Small : No action taken.
C:\WINDOWS\system32\wbem\yqqzxsdo.dll -> Downloader.Small : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009727.exe -> Downloader.Small.cwj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013724.exe -> Downloader.Small.cwj : No action taken.
C:\ryjb.exe -> Downloader.Small.cwj : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013718.exe -> Downloader.Small.eji : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003220.DLL -> Downloader.Small.ejw : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004253.DLL -> Downloader.Small.ejw : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004281.DLL -> Downloader.Small.ejw : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004359.DLL -> Downloader.Small.ejw : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006381.DLL -> Downloader.Small.ejw : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009665.DLL -> Downloader.Small.ejw : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006993.exe -> Downloader.Small.nsq : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006985.exe -> Downloader.Small.nsw : No action taken.
C:\Program Files\WindowsUpdate\2.exe -> Dropper.Agent.atn : No action taken.
C:\Program Files\WindowsUpdate\4.exe -> Dropper.Agent.atn : No action taken.
C:\Program Files\WindowsUpdate\5.exe -> Dropper.Agent.atn : No action taken.
C:\Program Files\WindowsUpdate\6.exe -> Dropper.Agent.atn : No action taken.
C:\Program Files\Common Files\CPUSH\Uninst.exe -> Dropper.BHO.av : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001680.exe -> Dropper.BHO.av : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006397.exe -> Dropper.BHO.av : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006644.exe -> Dropper.BHO.av : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0015106.exe -> Dropper.BHO.av : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001692.exe -> Hijacker.Agent.io : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001700.exe -> Hijacker.Agent.io : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001701.dll -> Hijacker.Agent.io : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0013726.exe -> Hijacker.Agent.is : No action taken.
C:\WINDOWS\system32\tcpipmon.exe -> Hijacker.Agent.is : No action taken.
C:\WINDOWS\~tmp332.exe -> Logger.Agent.pn : No action taken.
D:\mplay.com -> Logger.Agent.pn : No action taken.
D:\myplayer.com -> Logger.Agent.pn : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : No action taken.
:mozilla.507:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.212:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.32:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.34:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.35:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.38:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.39:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.40:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.42:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.43:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.44:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.45:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.46:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.47:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.508:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.51:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.780:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.799:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.881:C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\ihtyl57j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

Edited by Charlamagne, 11 April 2007 - 09:14 PM.


#6 SifuMike


Posted 11 April 2007 - 09:23 PM

Hi Chuck,

C:\Program Files\Common Files\Ruango\Player.dll -> Adware.Agent : No action taken.
C:\WINDOWS\system32\4fdantos.dll -> Adware.Agent : No action taken.
C:\WINDOWS\system32\FP30PY.dll -> Adware.Agent : No action taken.
C:\WINDOWS\system32\player.dll -> Adware.Agent : No action taken.
C:\WINDOWS\inf\Itntern.exe -> Adware.AlexaBar : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002210.dll -> Adware.Baidu : No action taken.



The AVG antispyware log shows the bad stuff and if you look at the end of each line you will see "No action taken". This is because you did not set it up correctly, so all the bad stuff is still there. Please reread the instructions, reboot to the Safe Mode and run the scan again. :thumbsup:

Click "Complete System Scan" to start.

IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button. <======

Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender or Panda scan log and a fresh Hijackthis log.

Edited by SifuMike, 11 April 2007 - 09:24 PM.


#7 Charlamagne


Posted 12 April 2007 - 03:16 PM

Heh, I'm not that dumb :flowers: Yeah, I saved the log first >< then applied the changes, so it's pretty much applied for all and all is quarantined. However, I was dumb enough to not save the BitDefender log :thumbsup:, so I'll do another BitDefender run while waiting for your next post and put that up.

#8 SifuMike


Posted 12 April 2007 - 03:22 PM

After you post the BitDefender log, then post a fresh Hijackthis log and I will see what is left to fix. :thumbsup:

#9 Charlamagne


Posted 12 April 2007 - 06:43 PM

BitDefender Online Scanner

Scan report generated at: Wed, Apr 12, 2090 - 18:54:13

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 00:00:00
Files: 1089724
Folders: 15504
Boot Sectors: 3
Archives: 20274
Packed Files: 76106

Results
Identified Viruses: 67
Infected Files: 1876
Suspect Files: 57
Warnings: 0
Disinfected: 876
Deleted Files: 1057

Engines Info
Virus Definitions: 485660
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0000475.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0000475.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001670.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001670.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001671.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001671.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)=>cone.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)=>cone.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)=>cone.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)=>SSG.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)=>SSG.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)=>SSG.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001689.exe=>(RAR Sfx o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001702.exe


Infected with: Dropped:Adware.Baidubar.J

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001702.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001702.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001703.exe


Suspected of: GenPack:Generic.Malware.Bdldg.DB861875

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001703.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0001703.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002199.exe


Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002199.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002199.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002203.exe


Infected with: Trojan.Downloader.Barbs.A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002203.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002204.exe


Infected with: MemScan:Trojan.Agent.Small.K

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002204.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002204.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002206.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002206.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002206.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002207.exe


Infected with: Dropped:Win32.Worm.Viking.LP

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002207.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002207.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002213.exe=>(NSIS o)=>lzma_nsis0001


Infected with: Trojan.Downloader.Agent.AOG

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002213.exe=>(NSIS o)=>lzma_nsis0001


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002213.exe=>(NSIS o)=>lzma_nsis0001


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0002213.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003225.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003225.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003225.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003226.dll


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003226.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003226.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003232.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003232.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0003232.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004256.dll


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004256.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004256.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004264.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004264.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004264.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004284.dll


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004284.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004284.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004290.EXE


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004290.EXE


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004290.EXE


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004291.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004291.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004291.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004292.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004292.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004292.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004295.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004295.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004295.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004299.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004299.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004299.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004300.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004300.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004300.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004301.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004301.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004301.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004309.exe


Infected with: Trojan.Downloader.Delf.NMS

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004309.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004309.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004314.exe


Suspected of: Trojan.Downloader.Gen

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004314.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004314.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004315.exe


Infected with: DeepScan:Generic.Dld.ADL.7943187A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004315.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004315.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004319.exe


Suspected of: GenPack:Generic.Malware.Bdldg.B064B6E8

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004319.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004319.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004321.exe=>(NSIS o)=>lzma_solid_nsis0001=>(NSIS o)=>lzma_nsis0001


Infected with: Trojan.Downloader.Agent.AOG

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004321.exe=>(NSIS o)=>lzma_solid_nsis0001=>(NSIS o)=>lzma_nsis0001


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004321.exe=>(NSIS o)=>lzma_solid_nsis0001=>(NSIS o)=>lzma_nsis0001


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004321.exe=>(NSIS o)=>lzma_solid_nsis0001=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004324.exe


Suspected of: BehavesLike:Win32.Malware

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004324.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004324.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004325.exe


Infected with: Trojan.Downloader.Barbs.A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004325.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004329.exe


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004329.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004329.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004330.exe


Infected with: MemScan:Trojan.Agent.Small.K

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004330.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004330.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004331.exe


Infected with: Dropped:Win32.Worm.Viking.LP

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004331.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004331.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)=>lzma_solid_nsis0001


Infected with: Trojan.Rootkit.AV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)=>lzma_solid_nsis0001


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)=>lzma_solid_nsis0001


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Downloader.AUX

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004333.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004345.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004345.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004345.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004362.dll


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004362.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0004362.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006383.dll


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006383.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006383.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)=>lzma_solid_nsis0001


Infected with: Trojan.Rootkit.AV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)=>lzma_solid_nsis0001


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)=>lzma_solid_nsis0001


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Downloader.AUX

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006393.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006395.EXE


Suspected of: GenPack:Generic.Malware.Bdldg.B064B6E8

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006395.EXE


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006395.EXE


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006400.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006400.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006400.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006408.exe


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006408.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006408.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006425.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006425.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006425.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006438.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006438.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006438.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006453.exe


Infected with: Dropped:Win32.Worm.Viking.LP

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006453.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006453.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006455.dll


Infected with: Trojan.Clicker.Soso.A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006455.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006455.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006481.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006481.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006481.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006482.exe


Infected with: MemScan:Trojan.Agent.Small.K

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006482.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006482.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006484.exe


Infected with: DeepScan:Generic.Dld.ADL.3AAD2F84

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006484.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006484.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006493.exe


Infected with: Trojan.Downloader.Barbs.A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006493.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006495.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006495.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006495.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006496.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006496.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006496.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006497.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006497.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006497.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006502.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006502.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006502.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006503.exe


Infected with: Dropped:Adware.Baidubar.J

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006503.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP2\A0006503.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006507.exe


Infected with: Backdoor.Awq.B

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006507.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006507.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP3\A0006509.exe


Infected with: Backdoor.Awq.B

C:\System Volume Information\

#10 Charlamagne


Posted 12 April 2007 - 06:48 PM



Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006959.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006959.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006959.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006960.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006960.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006960.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006961.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006961.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006961.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006962.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006962.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006963.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006963.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006964.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006964.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006965.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006965.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006966.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006966.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006966.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006967.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006967.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006967.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006968.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006968.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006968.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006969.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006969.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006969.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006970.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006970.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006970.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006971.exe


Infected with: Generic.Malware.SYddld.515AC76A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006971.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006971.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006973.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006973.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006974.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006974.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006974.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006975.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006975.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006975.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006976.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006976.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006976.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006977.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006977.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006977.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006978.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006978.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006979.exe


Infected with: Trojan.Muldrop.BX

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006979.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006979.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006983.exe


Suspected of: Trojan.Downloader.Gen

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006983.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006983.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006984.exe


Infected with: Trojan.Downloader.Harnig.XB

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006984.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006984.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006986.exe


Suspected of: GenPack:Generic.Malware.Bdld.B3FCB966

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006986.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006986.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006988.exe


Infected with: Trojan.Downloader.Harnig.XB

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006988.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006988.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006994.exe


Suspected of: GenPack:Generic.Malware.Bdldg.789BFC6C

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006994.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006994.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006995.exe


Infected with: Trojan.Downloader.Delf.NMS

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006995.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006995.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006996.exe


Infected with: Backdoor.Awq.B

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006996.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006996.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006997.exe


Infected with: DeepScan:Generic.Dld.ADL.B51A4987

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006997.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0006997.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007001.exe


Infected with: Trojan.Downloader.Harnig.XB

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007001.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007001.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007002.exe


Infected with: MemScan:Trojan.Agent.Small.K

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007002.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007002.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007003.exe


Suspected of: GenPack:Generic.Malware.Bdldg.789BFC6C

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007003.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007003.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007004.exe


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007004.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007004.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007005.exe


Suspected of: GenPack:Generic.Malware.Bdldg.A055FD1A

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007005.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007005.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007006.exe


Suspected of: Trojan.Downloader.Gen

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007006.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007006.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007007.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007007.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007007.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007009.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007009.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007010.EXE


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007010.EXE


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007011.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007011.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007012.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007012.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007013.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007013.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007013.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007014.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007014.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007015.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007015.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007015.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007016.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007016.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007016.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007017.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007017.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007017.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007018.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007018.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007018.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007019.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007019.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007019.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007020.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007020.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007020.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007021.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007021.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007021.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007022.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007022.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007022.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007023.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007023.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007023.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007024.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007024.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007024.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007025.exe


Infected with: Trojan.Isbar.384

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007025.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007025.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007026.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007026.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007027.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007027.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007028.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007028.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007029.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007029.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007030.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007030.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007031.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007031.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007032.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007032.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007033.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007033.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007034.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007034.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007035.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007035.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007036.exe


Suspected of: Trojan.Downloader.Gen

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007036.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007036.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007039.exe


Infected with: Trojan.Dldr.Qqhelper.O

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007039.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007039.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007052.exe=>(NSIS o)=>bzip2_solid_nsis0003


Detected with: Adware.Baidubar.J

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007052.exe=>(NSIS o)=>bzip2_solid_nsis0003


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007052.exe=>(NSIS o)=>bzip2_solid_nsis0003


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0007052.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009660.DLL


Infected with: MemScan:Backdoor.Hupigon.CFK

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009660.DLL


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009660.DLL


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009663.exe


Infected with: Win32.Worm.Viking.LP

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009663.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009663.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009663.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009663.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009667.dll


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009667.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009667.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009678.EXE


Suspected of: GenPack:Generic.Malware.Bdldg.789BFC6C

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009678.EXE


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009678.EXE


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009683.exe


Suspected of: Trojan.Downloader.Gen

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009683.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009683.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009699.dll


Infected with: Trojan.BHO.AT

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009699.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009699.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009702.dll


Infected with: Trojan.BHO.AT

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009702.dll


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009702.dll


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009707.exe


Infected with: Backdoor.Hupigon.BV

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009707.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009707.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009722.exe


Infected with: Trojan.Muldrop.BX

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009722.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009722.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009723.exe


Suspected of: Trojan.Downloader.Gen

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009723.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009723.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009724.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009724.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009725.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009725.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009726.exe


Infected with: Win32.Worm.Viking.LR

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009726.exe


Disinfected

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009728.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009728.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009728.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009729.EXE


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009729.EXE


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009729.EXE


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009730.EXE


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009730.EXE


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009730.EXE


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009731.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009731.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009731.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009732.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009732.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009732.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009733.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009733.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009733.exe


Deleted

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009734.exe


Infected with: GenPack:Win32.Worm.Viking.IZ

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009734.exe


Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0009734.exe


Deleted


#11 Charlamagne

Posted 12 April 2007 - 06:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:36:45 PM, on 4/12/2090
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bitdefender.com/scan8/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eqibbs.com/adc_do.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesear...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customse...msearch-en.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/divx6/new/en?rcv=1...dist=divxdotcom
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\WINDOWS\HKCMD1.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {9a0d5d29-2bd4-40f7-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\40f7cfsb.dll
O2 - BHO: (no name) - {bcb15f09-1bf4-4fda-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4fdantos.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPPIE Class - {C6844939-C324-41E0-84D0-D42F8DA5EBAD} - C:\WINDOWS\system32\hbcmd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 1bf4 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4fdantos.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [User01] C:\Program Files\Internet Explorer\SVCHOST.EXE
O4 - HKLM\..\Run: [winform] C:\WINDOWS\winform.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [ctfm0n.exe] c:\windows\system32\mscore\mscore.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\HKCMD3.exe] C:\WINDOWS\system32\HKCMD3.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\HKCMD4.exe] C:\WINDOWS\system32\HKCMD4.exe
O4 - HKLM\..\Run: [edxbi7c] rundll32.exe C:\WINDOWS\cydbtdo.dll _start@16
O4 - HKLM\..\Run: [44hammrb] rundll32.exe C:\WINDOWS\2kk3iqgojl.dll _start@16
O4 - HKLM\..\RunOnce: [nwoxcc84] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nwoxcc84.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [nahkuv37] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nahkuv37.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [ds16ga] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ds16ga.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ƹͨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\Ƹͨ\caif.dll (file missing) (HKCU)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: advwhes - C:\WINDOWS\SYSTEM32\WshRrn.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: sclgntfys - C:\WINDOWS\sclgntfys.dll
O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\mtei32.dll (file missing)
O23 - Service: 1D3E9EB2 - Unknown owner - C:\WINDOWS\system32\1D3E9EB2.EXE (file missing)
O23 - Service: 4AD367B5 - Unknown owner - C:\WINDOWS\system32\4AD367B5.EXE (file missing)
O23 - Service: 807E4F4 - Unknown owner - C:\WINDOWS\system32\807E4F4.EXE (file missing)
O23 - Service: 93A3A6B6 - Unknown owner - C:\WINDOWS\system32\93A3A6B6.EXE (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: error monitor (EmonSrv) - Unknown owner - C:\WINDOWS\system32\lfrmewrk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IEAgent service (IEAgent) - Unknown owner - C:\WINDOWS\system32\ieagent.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: kkdj3sdf3 - Unknown owner - C:\WINDOWS\system32\kkdj3sdf3.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)




Phew! Wow, sorry. I feel like a post spammer, but it only lets me post 100k characters per post :thumbsup: so yeah, I split them up. That's BitDefender + HijackThis here. Help please :flowers:

#12 SifuMike

Posted 12 April 2007 - 11:08 PM

Hi Chuck,

Looks like you are getting even more malware than last time you were here. :thumbsup: Now you have some nasty Chinese malware on this computer.


Please download A-Squared Free, save it to the desktop.
  • Double-click on a2FreeSetup.exe, follow the installer's instructions.
  • At the end of the install process, make sure Launch a-squared Free is checked, then click Finish.
  • When it launches, it will ask you if you would like to update, click Yes, it will take a few moments to update.
  • When done with the update, if it asks you to restart the application, click Yes.
  • At the main menu, click Scan Now, there will be 4 options, choose Deep Scan.
  • At the end of the scan, click Save Report. Save the report to somewhere convenient, such as your desktop.
  • If malware is found, select all found and click Quarantine selected objects.
*******************************************

Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears. Use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix".

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\WINDOWS\HKCMD1.exe
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {9a0d5d29-2bd4-40f7-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\40f7cfsb.dll
O2 - BHO: (no name) - {bcb15f09-1bf4-4fda-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4fdantos.dll
O2 - BHO: CPPIE Class - {C6844939-C324-41E0-84D0-D42F8DA5EBAD} - C:\WINDOWS\system32\hbcmd.dll
O3 - Toolbar: 1bf4 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4fdantos.dll
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [User01] C:\Program Files\Internet Explorer\SVCHOST.EXE
O4 - HKLM\..\Run: [winform] C:\WINDOWS\winform.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [edxbi7c] rundll32.exe C:\WINDOWS\cydbtdo.dll _start@16
O4 - HKLM\..\Run: [44hammrb] rundll32.exe C:\WINDOWS\2kk3iqgojl.dll _start@16
O4 - HKLM\..\RunOnce: [nwoxcc84] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nwoxcc84.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [nahkuv37] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nahkuv37.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [ds16ga] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ds16ga.dll,DllUnregisterServer
O9 - Extra button: Ƹͨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\Ƹͨ\caif.dll (file missing) (HKCU)
O20 - Winlogon Notify: advwhes - C:\WINDOWS\SYSTEM32\WshRrn.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: sclgntfys - C:\WINDOWS\sclgntfys.dll
O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\mtei32.dll (file missing)
O23 - Service: 1D3E9EB2 - Unknown owner - C:\WINDOWS\system32\1D3E9EB2.EXE (file missing)
O23 - Service: 4AD367B5 - Unknown owner - C:\WINDOWS\system32\4AD367B5.EXE (file missing)
O23 - Service: 807E4F4 - Unknown owner - C:\WINDOWS\system32\807E4F4.EXE (file missing)
O23 - Service: 93A3A6B6 - Unknown owner - C:\WINDOWS\system32\93A3A6B6.EXE (file missing)
O23 - Service: IEAgent service (IEAgent) - Unknown owner - C:\WINDOWS\system32\ieagent.exe (file missing)
O23 - Service: kkdj3sdf3 - Unknown owner - C:\WINDOWS\system32\kkdj3sdf3.exe (file missing)
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)


*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\Program Files\Internet Explorer\SVCHOST.EXE <==file Be very careful. DO NOT delete the legit SVCHOST.EXE file in the C:\system32 folder

c:\WINDOWS\HKCMD1.exe <==file
C:\WINDOWS\system32\4fdantos.dll <==file
C:\WINDOWS\uninstall\rundl132.exe <==file
C:\WINDOWS\winform.exe <==file
C:\Program Files\Common Files\System\Updaterun.exe <==file
C:\system32\tcpipmon.exe <==file
C:\WINDOWS\cydbtdo.dll _start@16 <==file
C:\WINDOWS\2kk3iqgojl.dll _start@16 <==file
C:\system32\nwoxcc84.dll <==file
C:\system32\nahkuv37.dll <==file
C:\systemroot%\system32\ds16ga.dll <==file
C:\WINDOWS\SYSTEM32\WshRrn.dll <==file
C:\WINDOWS\system32\rpcc.dll <==file
C:\WINDOWS\sclgntfys.dll <==file




*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

Do not use the "Issues" block. It's meant for professionals.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

Reboot to the Normal Mode


*******************************************


Reboot to the Normal Mode

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.





Post a new Hijackthis log, the ComboFix log, and tell me how your computer is running.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
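
A log-triage sketch for HijackThis lines like those selected for fixing in the post above, added here as an example; it is not part of the original post and not the helper's own selection method. The heuristics, the function names (`lookalike_of`, `check_line`, `triage`) and the assumption that Windows is installed in C:\WINDOWS are mine, and the sample lines are excerpted from the logs posted in this thread. A hit marks a line for manual review, not as confirmed malware.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as in the logs posted in this thread.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "lsass.exe": SYSTEM32, "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "smss.exe": SYSTEM32, "userinit.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32, "rundll32.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

PATH_RE = re.compile(r'[A-Za-z]:\\[^",\n]*?\.(?:exe|dll)\b', re.I)
RUN_NAME_RE = re.compile(r"^O4 - .*?: \[([^\]]+)\]")
# Service whose name is 6-8 hex digits and whose binary carries the same name.
HEX_SERVICE_RE = re.compile(
    r"^O23 - Service: ([0-9A-F]{6,8}) - Unknown owner - .*\\\1\.EXE", re.I)
DIGIT_SWAP = str.maketrans("01", "ol")


def lookalike_of(name):
    """Return the system file that `name` imitates through 0/1 digit swaps, else None."""
    lowered = name.lower()
    candidate = lowered.translate(DIGIT_SWAP)
    if candidate != lowered and candidate in EXPECTED_DIR:
        return candidate
    return None


def check_line(line):
    """Return a list of reasons why one HijackThis log line deserves a closer look."""
    reasons = []
    paths = PATH_RE.findall(line)
    names = [ntpath.basename(p) for p in paths]
    run_name = RUN_NAME_RE.match(line)
    if run_name:  # the Run value name itself can carry the disguise
        names.append(run_name.group(1))

    for name in names:
        real = lookalike_of(name)
        if real:
            reasons.append(f"'{name}' imitates {real}")

    for path in paths:
        base = ntpath.basename(path).lower()
        expected = EXPECTED_DIR.get(base)
        if expected and ntpath.dirname(path).lower() != expected:
            reasons.append(f"{base} outside {expected}")

    if line.startswith("F2 - ") and "UserInit=" in line:
        extra = [p for p in paths if ntpath.basename(p).lower() != "userinit.exe"]
        if extra:
            reasons.append("UserInit launches extra program: " + ", ".join(extra))

    if HEX_SERVICE_RE.match(line):
        reasons.append("hex-named service with unknown owner")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every log line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_line(line) if line else []
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample input: lines excerpted from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\wbem\lsass.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\WINDOWS\HKCMD1.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [User01] C:\Program Files\Internet Explorer\SVCHOST.EXE
O4 - HKLM\..\Run: [ctfm0n.exe] c:\windows\system32\mscore\mscore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: 1D3E9EB2 - Unknown owner - C:\WINDOWS\system32\1D3E9EB2.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```
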

#13 Charlamagne

Posted 15 April 2007 - 10:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 23:14, on 90-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bitdefender.com/scan8/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eqibbs.com/adc_do.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesear...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customse...msearch-en.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/divx6/new/en?rcv=1...dist=divxdotcom
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {9a0d5d29-2bd4-40f7-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\40f7cfsb.dll
O2 - BHO: (no name) - {bcb15f09-1bf4-4fda-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4fdantos.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPPIE Class - {C6844939-C324-41E0-84D0-D42F8DA5EBAD} - C:\WINDOWS\system32\hbcmd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 1bf4 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4fdantos.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ctfm0n.exe] c:\windows\system32\mscore\mscore.exe
O4 - HKLM\..\RunOnce: [nwoxcc84] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nwoxcc84.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [nahkuv37] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nahkuv37.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [ds16ga] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ds16ga.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: sclgntfys - C:\WINDOWS\sclgntfys.dll
O20 - Winlogon Notify: winshfhc - C:\WINDOWS\SYSTEM32\winshfhc.dIl
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: error monitor (EmonSrv) - Unknown owner - C:\WINDOWS\system32\lfrmewrk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IEAgent service (IEAgent) - Unknown owner - C:\WINDOWS\system32\ieagent.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)

Hmm, k, so I noticed some problems.
First off, when I run Windows in Safe Mode, at the start I get an error message that says /device/harddisk2/DR5, harddisk3/DR6.... 4/..7 5/..8 2/..5 3/..6 4/..7 5/..8
Second, when I run combofix.exe an error comes up; vfind.cfexe application error comes up.
And third, noticing some of the files told me to fix in HijackThis have reappeared upon startup.
gah :thumbsup:

#14 SifuMike


Posted 16 April 2007 - 01:06 AM

Hi Chuck,

First off, when I run Windows in Safe Mode, at the start I get an error message that says /device/harddisk2/DR5, harddisk3/DR6.... 4/..7 5/..8 2/..5 3/..6 4/..7 5/..8


Is this a company computer?

As a side note, I see you're not afraid of visiting crack sites and using illegal software. :thumbsup: From the logs I can see/recognise that you actually installed some plugins that appear on crack sites to get access to the cracks. They install the malware on your system.
If you visit crack sites and use cracks, you'll ALWAYS get infected. :flowers: This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.

We may not ever be able to repair the damage that has been done to this computer. :huh:

*****************

Please see here for how to show hidden files in Windows.

Please go to UploadMalware to upload suspicious files for analysis.

  • Enter your username from this forum.
  • Copy and paste the link to this thread.
  • Browse for these file names:

C:\WINDOWS\system32\wbem\lsass.exe
C:\WINDOWS\system32\40f7cfsb.dll
C:\WINDOWS\system32\4fdantos.dll
C:\WINDOWS\system32\hbcmd.dll
C:\WINDOWS\system32\nwoxcc84.dll
C:\WINDOWS\system32\nahkuv37.dll
C:\WINDOWS\system32\ds16ga.dll
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\sclgntfys.dll
C:\WINDOWS\SYSTEM32\winshfhc.dIl
C:\WINDOWS\system32\lfrmewrk.exe
C:\WINDOWS\system32\ieagent.exe



  • In the comments, please mention that I asked you to upload this file.
  • Click on Send File.


*****************

When I run combofix.exe an error comes up; vfind.cfexe application error comes up.

Please make sure that the error is correct, as I will have to report it to the person that creates this tool.
Are you sure it says vfind.cfexe and not vfind.exe?


Since the infection has returned, I want you to run AVG antispyware again, in Safe Mode.
See my previous instructions on how to run it in Safe Mode.
Then post the AVG antispyware log.


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log. The HiJackThis log you posted was run from Safe Mode and does not show all the running processes.
    I need to see all the running processes to help you.

Edited by SifuMike, 16 April 2007 - 04:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 SifuMike


Posted 22 April 2007 - 12:47 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



