PeterF1991

Millions and Millions of Popups!!!


Lately I've been getting lots and lots of yyy65 popups. When I come home from school and my computer is on, I'll have anywhere from 10-50 popups. Sometimes I'll have extra toolbars or programs, things like that. The weird thing is that the popups don't come while I'm browsing the internet or even have an Internet Explorer window open; they just pop up while my computer is on!! I've tried several removal programs and they usually find things and remove them, but everything just keeps coming back!

 

Here's an HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 4:01:47 PM, on 2/16/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\wmplayer\wmplayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\winsysban8.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\AIM\aim.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Common Files\Windows\services32.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Program Files\Common Files\Windows\AutoIt3.exe

C:\Program Files\InetGet2\emg2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\InetGet2\webhost2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\awtsp.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKLM\..\Run: [] p2pnetworking.exe

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKLM\..\RunServices: [] p2pnetworking.exe

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O20 - AppInit_DLLs: repairs302972994.dll

O20 - Winlogon Notify: awtsp - C:\WINDOWS\System32\awtsp.dll

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\m264lcjq1foe.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

Any help will be greatly appreciated.

 

Thanks,

Peter Ferranto


Hi Peter.

 

Please download Look2Me-Destroyer.exe by Atribune to your desktop.

  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

 

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


Alright, did what you said. I looked in C:/ and the Look2Me txt wasn't there. I also ran a search on it, it wasn't found...

 

But here's my new HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 3:20:19 PM, on 2/19/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\winsysban9.exe

C:\Program Files\wmplayer\wmplayer.exe

C:\WINDOWS\system32\p2pnetworking.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\VCClient\VCClient.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - Default URLSearchHook is missing

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\awtsp.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe

O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe

O4 - HKLM\..\Run: [] p2pnetworking.exe

O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe

O4 - HKLM\..\Run: [loader.exeSetup.exeR] C:\WINDOWS\system32\loader.exeSetup.exeR

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKLM\..\RunServices: [] p2pnetworking.exe

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O20 - Winlogon Notify: awtsp - C:\WINDOWS\System32\awtsp.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


O.K. We've gotten rid of one nasty, let's tackle the others:

 

Please download VirtumundoBeGone from here:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

  • Save it to your Desktop.
  • Close all running programs (including your Internet Browser).
  • Double-click VirtumundoBeGone.exe on the desktop.
  • Follow the directions as indicated.
Please note that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

 

When it has finished, reboot and post the log that is created on your desktop called VBG.TXT in your next reply along with a new HijackThis log.


Alright, all done. Here's the VBG txt:

 

 

[02/19/2006, 22:15:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Peter.PETERS-COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\3EZ3OAHS\VirtumundoBeGone[1].exe" )

[02/19/2006, 22:15:30] - Detected System Information:

[02/19/2006, 22:15:30] - Windows Version: 5.1.2600, Service Pack 2

[02/19/2006, 22:15:30] - Current Username: Peter (Admin)

[02/19/2006, 22:15:30] - Windows is in NORMAL mode.

[02/19/2006, 22:15:30] - Searching for Browser Helper Objects:

[02/19/2006, 22:15:30] - BHO 1: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} (MSEvents Object)

[02/19/2006, 22:15:30] - ALERT: Found MSEvents Object!

[02/19/2006, 22:15:30] - Finished Searching Browser Helper Objects

[02/19/2006, 22:15:30] - *** Detected MSEvents Object

[02/19/2006, 22:15:30] - Trying to remove MSEvents Object...

[02/19/2006, 22:15:31] - Terminating Process: IEXPLORE.EXE

[02/19/2006, 22:15:31] - Terminating Process: RUNDLL32.EXE

[02/19/2006, 22:15:31] - Disabling Automatic Shell Restart

[02/19/2006, 22:15:31] - Terminating Process: EXPLORER.EXE

[02/19/2006, 22:15:32] - Suspending the NT Session Manager System Service

[02/19/2006, 22:15:32] - Terminating Windows NT Logon/Logoff Manager

[02/19/2006, 22:15:33] - Re-enabling Automatic Shell Restart

[02/19/2006, 22:15:33] - File to disable: C:\WINDOWS\System32\awtsp.dll

[02/19/2006, 22:15:33] - Renaming C:\WINDOWS\System32\awtsp.dll -> C:\WINDOWS\System32\awtsp.dll.vir

[02/19/2006, 22:15:35] - File successfully renamed!

[02/19/2006, 22:15:35] - Removing HKLM\...\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}

[02/19/2006, 22:15:35] - Removing HKCR\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}

[02/19/2006, 22:15:36] - Adding Kill Bit for ActiveX for GUID: {FC148228-87E1-4D00-AC06-58DCAA52A4D1}

[02/19/2006, 22:15:36] - Deleting ATLEvents/MSEvents Registry entries

[02/19/2006, 22:15:37] - Removing HKLM\...\Winlogon\Notify\awtsp

[02/19/2006, 22:15:37] - Searching for Browser Helper Objects:

[02/19/2006, 22:15:37] - Finished Searching Browser Helper Objects

[02/19/2006, 22:15:37] - Finishing up...

[02/19/2006, 22:15:37] - A restart is needed.

[02/19/2006, 22:16:04] - Attempting to Restart via STOP error (Blue Screen!)

 

And here's a new HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:22:11 PM, on 2/19/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\windows\winsysban9.exe

C:\Program Files\wmplayer\wmplayer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\p2pnetworking.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\Common Files\VCClient\VCClient.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe

O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe

O4 - HKLM\..\Run: [] p2pnetworking.exe

O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe

O4 - HKLM\..\Run: [loader.exeSetup.exeR] C:\WINDOWS\system32\loader.exeSetup.exeR

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKLM\..\RunServices: [] p2pnetworking.exe

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

Peter


Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':

 

R3 - Default URLSearchHook is missing

 

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe

O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe

O4 - HKLM\..\Run: [] p2pnetworking.exe

O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe

O4 - HKLM\..\Run: [loader.exeSetup.exeR] C:\WINDOWS\system32\loader.exeSetup.exeR

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKLM\..\RunServices: [] p2pnetworking.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe

 

Set Windows to show hidden files:

 

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK. You should reverse these settings when we have you cleaned up.

 

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

 

http://www.pchell.com/support/safemode.shtml

 

Navigate to and delete the following files:

 

C:\windows\winsysban9.exe <-------- Delete this file.

C:\WINDOWS\wgtaojnA.exe <-------- Delete this file.

C:\Program Files\wmplayer\wmplayer.exe <-------- Delete this file.

C:\Program Files\outlook\outlook.exe <-------- Delete this file.

C:\Program Files\Common Files\VCClient\VCClient.exe <-------- Delete this file.

C:\Program Files\Common Files\VCClient\VCMain.exe <-------- Delete this file.

C:\Program Files\Common Files\fmoq\fmoqm.exe <-------- Delete this file.

C:\WINDOWS\system32\p2pnetworking.exe <-------- Delete this file.

C:\WINDOWS\system32\rciacp.exe <-------- Delete this file.

C:\WINDOWS\system32\loader.exe <-------- Delete this file.

C:\WINDOWS\system32\Setup.exe <-------- Delete this file.

 

Use Start | Search to find and delete winlog.exe

 

Boot back into normal mode. Please do an online scan with Kaspersky WebScanner

 

Click on Kaspersky Online Scanner

 

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)

    • Scan Options:
    Scan Archives

    Scan Mail Bases

  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a new HijackThis log.
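
Added example, not part of the original thread and not any poster's code: a small Python parser that pulls the O4 (autorun) lines out of two HijackThis logs and reports which entries were added, removed, or re-pointed to a different file between scans. The sample lines are excerpted from the 2/16/2006 and the 3:20 PM 2/19/2006 logs posted above; the function and constant names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Excerpt of O4 lines from the 2/16/2006 log in this thread.
LOG_2006_02_16 = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [] p2pnetworking.exe
O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
'''

# Excerpt of O4 lines from the 2/19/2006 (3:20 PM) log in this thread.
LOG_2006_02_19 = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe
O4 - HKLM\..\Run: [] p2pnetworking.exe
O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
'''

# Registry autoruns: "O4 - HKLM\..\Run: [value name] command line"
O4_REGISTRY = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Startup-folder shortcuts: "O4 - Global Startup: name.lnk = target"
O4_SHORTCUT = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

Key = Tuple[str, str]  # (location, value or shortcut name)


def parse_o4(log_text: str) -> Dict[Key, str]:
    """Map (location, name) -> command for every O4 line in a log."""
    entries: Dict[Key, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_REGISTRY.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries[(f"{hive}\\{key}", name)] = cmd
            continue
        m = O4_SHORTCUT.match(line)
        if m:
            where, name, target = m.groups()
            entries[(where, name)] = target
    return entries


def diff_o4(before: Dict[Key, str], after: Dict[Key, str]):
    """Return (added, removed, changed) autoruns between two parsed logs."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    # Windows paths are case-insensitive, so compare commands that way.
    changed = {
        k: (before[k], after[k])
        for k in before.keys() & after.keys()
        if before[k].lower() != after[k].lower()
    }
    return added, removed, changed


def report(before_log: str, after_log: str) -> List[str]:
    """Human-readable triage list; a changed entry is not a verdict."""
    added, removed, changed = diff_o4(parse_o4(before_log), parse_o4(after_log))
    lines = []
    for (where, name), cmd in sorted(added.items()):
        lines.append(f"ADDED    {where} [{name}] {cmd}")
    for (where, name), cmd in sorted(removed.items()):
        lines.append(f"REMOVED  {where} [{name}] {cmd}")
    for (where, name), (old, new) in sorted(changed.items()):
        lines.append(f"CHANGED  {where} [{name}] {old} -> {new}")
    return lines


if __name__ == "__main__":
    for entry in report(LOG_2006_02_16, LOG_2006_02_19):
        print(entry)
```

An entry whose value name stays the same while its target file changes, as with winsysban and gimmygames here, only shows up when the two logs are compared side by side.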


Alright, everything's done, but the following files could not be found in safe mode, even with hidden files being viewed:

 

C:\WINDOWS\wgtaojnA.exe

C:\Program Files\outlook\outlook.exe

C:\Program Files\Common Files\fmoq\fmoqm.exe

C:\WINDOWS\system32\rciacp.exe

C:\WINDOWS\system32\loader.exe

 

So I tried to post the Kaspersky log, and it's way too long for the post, I could email it to you or get it to you in another way, but it won't let me post it. It found a lot and there's this C:\Documents and Settings\Peter.PETERS-COMPUTER\Complete folder that has always been on my computer, I've noticed it before... It will contain anywhere from 200mb-20gb of totally random zip files. I'll delete it and it will just continue to come back. A lot of the things in the scan were in there, but I can't post the log; let me know what I should do, if you want me to get it to you another way.

 

And here's a new HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 9:20:03 PM, on 2/20/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

Thanks,

Peter


Fix this one again using HijackThis:

 

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

 

Next, download, unzip and launch the KillBox:

 

http://www.downloads.subratam.org/KillBox.zip

 

Select "Delete on Reboot".

 

Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

 

 

C:\WINDOWS\wgtaojnA.exe

C:\Program Files\outlook\outlook.exe

C:\Program Files\Common Files\fmoq\fmoqm.exe

C:\WINDOWS\system32\rciacp.exe

C:\WINDOWS\system32\loader.exe

 

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

 

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

 

If your computer does not restart automatically, please restart it manually.

 

Download: CCleaner from here

 

Once installed, run CCleaner then tick the following:

Posted Image

 

Next: click Options, then click the Advanced tab.

 

Uncheck: "Only delete files older than 48 hrs", click Ok.

 

Then click Run Cleaner (bottom right) then, when it finishes scanning click Exit.

 

N.B. Run CCleaner on all user accounts on the p.c.

 

Then scan with Kaspersky again and see if you can paste the log. If not, you can attach it to your post; look for the 'file attachments' box below your reply box.


So I fixed it in HJT, I ran KillBox, but the CCleaner link didn't take me anywhere, probably a broken link... I didn't do the Kaspersky scan again because I figured I should run CCleaner before scanning again. Could I please have the link again?

 

Thanks,

Peter


Couldn't post the Kaspersky log, still too big because of that "Complete" folder I spoke about earlier, tons of things found in every random file in it.. I don't know what you'll be able to do about it. So anyways, I don't exactly know how to attach a file, I mean I do, but where's the button for it? I see "Insert hyperlink" "Insert Email" and "Insert Image", but not a file.

 

I didn't know if you wanted a new HJT log so I didn't post one..

 

Peter


Download and run Ad-Aware. For best results follow the tutorial. Reboot your machine afterwards.

 

See if that folder will stay deleted now and post another HijackThis log.

Edited by Nirvana


All scanned and done. The folder hasn't returned yet, and the majority of the popups are gone. Here's a new HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 2:46:14 PM, on 2/22/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

 

Thanks a lot,

Peter


Fix this line again:

 

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

 

See if this file is still present: C:\WINDOWS\system32\rciacp.exe

 

If it is, then delete it. Is that folder still gone? If so, can you try to run Kaspersky again and see if you can post the log? If you still can't, then e-mail it to me at kangaroopooATgmail.com (AT=@).

 

Post another logfile and let us know what problems remain, if you're still getting popups what is their nature?
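The same O4 line has now been fixed more than once and keeps showing up in the next log. The sketch below is an added example, not part of the original posts and not a HijackThis feature: it parses the O4 autostart lines of a HijackThis log and reports which entries that were already fixed are present again in a later log, together with the file each one points at. The function names are hypothetical; the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import NamedTuple, Optional


class Autostart(NamedTuple):
    location: str  # e.g. HKLM\..\Run or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged


# Registry autostarts:        O4 - HKLM\..\Run: [name] command
_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] ?(.*)$")
# Startup-folder shortcuts:   O4 - Global Startup: name.lnk = target
_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
# First token ending in an executable extension, quoted or not.
_EXE = re.compile(r'^"?(.+?\.(?:exe|dll|cpl|com|bat|scr))\b', re.IGNORECASE)


def parse_o4(log_text: str) -> set:
    """Collect every O4 entry; blank and unrelated lines are ignored."""
    entries = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _REG.match(line) or _LNK.match(line)
        if m:
            entries.add(Autostart(m.group(1), m.group(2), m.group(3).strip()))
    return entries


def target_path(command: str) -> Optional[str]:
    """File the entry launches, without arguments; None if unresolved ('?')."""
    m = _EXE.match(command.strip())
    return m.group(1) if m else None


def _key(entry: Autostart) -> tuple:
    # Registry value names and Windows paths are case-insensitive.
    return (entry.location.lower(), entry.name.lower(), entry.command.lower())


def respawned(fixed_lines: str, later_log: str) -> list:
    """Entries that were fixed earlier but are present again in a later log."""
    fixed = {_key(e) for e in parse_o4(fixed_lines)}
    return sorted(e for e in parse_o4(later_log) if _key(e) in fixed)


def new_since(earlier_log: str, later_log: str) -> list:
    """Autostart entries that appear only in the later log."""
    seen = {_key(e) for e in parse_o4(earlier_log)}
    return sorted(e for e in parse_o4(later_log) if _key(e) not in seen)


# Excerpts of O4 lines copied from the logs posted in this thread
# (blank lines kept, as in the forum paste).
LOG_FEB20 = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Picture Package Menu.lnk = ?
"""

LOG_FEB22 = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Picture Package Menu.lnk = ?
"""

# The line the helper asked to be fixed after the 2/20 log.
FIXED = r"O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run"

if __name__ == "__main__":
    for entry in respawned(FIXED, LOG_FEB22):
        print("came back:", entry.location, entry.name, "->",
              target_path(entry.command))
    print("new autostarts since 2/20:", new_since(LOG_FEB20, LOG_FEB22))
```

An entry that comes back after being fixed means something still running is rewriting it, so the value and the file it points at have to be dealt with together rather than one at a time.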


I fixed it in HJT, the file isn't present. But it seems to come back like it had in the last few HJT logs. I think it has something to do with KillBox because if you look at the first line of the log it shows it. Here's the new Kaspersky log:

 

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Wednesday, February 22, 2006 10:16:05 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.78.0

Kaspersky Anti-Virus database last update: 23/02/2006

Kaspersky Anti-Virus database records: 178192

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 69631

Number of viruses found: 68

Number of infected objects: 324

Number of suspicious objects: 0

Duration of the scan process: 01:06:07

 

Infected Object Name / Virus Name / Last Action

C:\!KillBox\rciacp.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\gjhz.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\a.zip.bac_a09012/Setup.exe Infected: Email-Worm.Win32.VB.an skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\a.zip.bac_a09012 ZIP: infected - 1 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\a.zip.bac_a09012 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061586.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.adx skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061625.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.adx skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061681.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061735.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061736.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061737.dll.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061738.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061746.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061747.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062780.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062782.dll.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062783.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062784.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062815.dll.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062823.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063021.exe.bac_a09012 Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063025.exe.bac_a09012 Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063028.exe.bac_a09012 Infected: Trojan-Downloader.Win32.VB.wg skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063030.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Adload.l skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063031.exe.bac_a09012 Infected: Trojan-Downloader.Win32.VB.wd skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063034.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063061.exe.bac_a09012 Infected: Trojan-Dropper.Win32.Small.qn skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012 ZIP: infected - 3 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012/VB.class Infected: Trojan.Java.ClassLoader.ak skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012 ZIP: infected - 3 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/Mein.class Infected: Trojan.Java.ClassLoader.aj skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/ProbeLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/Beyond.class Infected: Trojan-Dropper.Java.Beyond.d skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012 ZIP: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012 CryptFF.b: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\awtss.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\backup-20050603-212304-190.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012 ZIP: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012 CryptFF.b: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012 ZIP: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012 CryptFF.b: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012 ZIP: infected - 3 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\d3bn32.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ddayw.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ddcca.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ieod32.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012 ZIP: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012 CryptFF.b: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\mssf.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/counter.class Infected: Trojan.Java.ClassLoader.b skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012 ZIP: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012 CryptFF.b: infected - 4 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_cxunsh.log.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_hwlzey.txt.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_khrgup.txt.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_ubgxlg.dat.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_wdmgtl.txt.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\p.zip.bac_a09012/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\p.zip.bac_a09012 ZIP: infected - 1 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\p.zip.bac_a09012 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\vtsqo.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winlog.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winpj.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winrs32.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winsysban8.exe.bac_a09012 Infected: Trojan-Clicker.Win32.VB.lg skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winsysupd8.exe.bac_a09012 Infected: Trojan.Win32.StartPage.ahg skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20051225-171741-886.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060212-134544-968.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060212-134545-576-KVG.exe Infected: Trojan-Downloader.Win32.Murlo.22Feb2006 skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060212-172614-955.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060215-220358-845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\Program Files\Jalmp\uninstall.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\Program Files\Network\network.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y skipped

C:\Program Files\wmplayer\p.zip/music.exe Infected: Email-Worm.Win32.Wurmark.m skipped

C:\Program Files\wmplayer\p.zip ZIP: infected - 1 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP609\A0061154.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061634.exe Infected: Trojan-Downloader.Win32.Murlo.22Feb2006 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061663.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061664.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061756.exe Infected: Trojan-Downloader.Win32.Murlo.22Feb2006 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0062995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe RarSFX: infected - 6 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063027.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063033.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063161.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063162.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063163.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063164.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063165.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063166.exe Infected: Trojan.Win32.StartPage.ahg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063167.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063168.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063169.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063170.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063171.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063172.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063178.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063214.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063215.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063216.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063217.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063218.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063219.exe Infected: Trojan.Win32.Runner.h skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063261.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063262.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063278.exe Infected: Trojan-Downloader.Win32.Small.abd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063280.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063281.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063284.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063285.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063286.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063290.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063293.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063297.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063299.exe Infected: Trojan.Win32.Runner.h skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063300.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063310.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063311.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063312.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063313.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063315.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063316.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063317.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063318.exe Infected: Trojan-Clicker.Win32.VB.ld skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063323.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063325.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063327.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063330.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063331.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063332.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063334.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063337.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063338.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063340.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063341.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063342.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063346.exe Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063347.exe Infected: Trojan-Downloader.Win32.VB.wy skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063363.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063371.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063372.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063373.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063378.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063416.exe Infected: Trojan-Downloader.Win32.VB.wd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064464.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064465.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064466.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064467.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064475.EXE:xtpzw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064478.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064479.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064480.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065483.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065484.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065485.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065498.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065506.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065507.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065508.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065509.exe Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065511.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065513.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065514.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065527.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065528.exe Infected: Trojan-Downloader.Win32.Small.abd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065529.exe Infected: Trojan.Win32.Runner.h skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065531.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065532.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065533.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065534.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065535.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065537.exe Infected: Trojan-Downloader.Win32.VB.wy skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065538.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065539.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065630.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065635.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065636.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065637.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065638.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065644.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065645.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065646.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065647.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065648.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065649.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065650.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065651.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065652.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065653.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065654.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065693.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065694.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065695.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065696.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065790.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065791.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065792.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065793.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065800.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065804.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065805.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065806.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065808.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065826.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065827.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065828.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065830.exe Infected: Trojan-Clicker.Win32.VB.ld skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065831.exe Infected: Email-Worm.Win32.Wurmark.m skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065834.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065840.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065841.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065842.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065848.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065852.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065853.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065854.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP634\A0066037.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066058.exe Infected: Trojan-Downloader.Win32.VB.wd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066059.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\WINDOWS\$NtServicePackUninstall$\telnet.exe Infected: Trojan-Dropper.Win32.Agent.k skipped

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.c skipped

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI530211NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.f skipped

C:\WINDOWS\emruqfbA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\WINDOWS\hh32SPorms.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\inst_adperform.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\WINDOWS\ms030734576.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\WINDOWS\ms646464.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\WINDOWS\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\WINDOWS\nsw.log:xgcnko:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\WINDOWS\nts-32orhh.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped

C:\WINDOWS\pms111x.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\WINDOWS\River Sumida.bmp:brcry:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\WINDOWS\setuperr.log:ddxewo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\WINDOWS\SPhhhh.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\SPPE6464hh.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\SYSTEM32\awtsp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\WINDOWS\SYSTEM32\bkauk.dat Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\WINDOWS\SYSTEM32\btxmvmrq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\ddsvdjc.exe Infected: Trojan.Win32.Pakes skipped

C:\WINDOWS\SYSTEM32\episgovq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\isjqmhvu.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\jgddolvi.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\lacginib.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\msSP.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\SYSTEM32\pnopnia.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\WINDOWS\SYSTEM32\pre2.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\WINDOWS\SYSTEM32\rciacp.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\WINDOWS\SYSTEM32\rjpabanu.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\rwemw.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\WINDOWS\SYSTEM32\ssjfmjhn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\synt.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\WINDOWS\SYSTEM32\titno.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\WINDOWS\SYSTEM32\vhdytrxj.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\wtqyqeud.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\SYSTEM32\xytrubee.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\WINDOWS\telnet.exe Infected: Trojan-Dropper.Win32.Agent.k skipped

C:\WINDOWS\unin101.exe Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\uni_eh.exe Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\winsysban8.exe Infected: Trojan-Clicker.Win32.VB.lg skipped

 

Scan process completed.

 

And here's a new HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:24:48 PM, on 2/22/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

I do continue to get some random popups once in a while; however, their number has been greatly reduced. Also, the popups are pretty much random and there is no lasting trend throughout them, no particular brand or anything.

 

Peter


Ok, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer.

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear.

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

 

http://www.pchell.com/support/safemode.shtml

 

Next, navigate to and delete the following:

 

C:\!KillBox\ <-------- Delete the contents of this folder.

C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ <-------- Delete the contents of this folder.

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\ <-------- Delete the contents of this folder.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\gjhz.exe <-------- Delete this file.

C:\Program Files\wmplayer\p.zip <-------- Delete this file.

C:\Program Files\Jalmp\uninstall.exe <-------- Delete this file.

C:\Program Files\Network\network.exe <-------- Delete this file.

C:\WINDOWS\$NtServicePackUninstall$\telnet.exe <-------- Delete this file.

C:\WINDOWS\Downloaded Program Files\popcaploader.dll <-------- Delete this file.

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe <-------- Delete this file.

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI530211NetInstaller.exe <-------- Delete this file.

 

Same again for all of the following:

C:\WINDOWS\emruqfbA.exe

C:\WINDOWS\hh32SPorms.exe

C:\WINDOWS\inst_adperform.exe

C:\WINDOWS\ms030734576.exe

C:\WINDOWS\ms646464.exe

C:\WINDOWS\NDNuninstall6_38.exe

C:\WINDOWS\NDNuninstall7_22.exe

C:\WINDOWS\nsw.log:xgcnko:$DATA

C:\WINDOWS\nts-32orhh.exe

C:\WINDOWS\offun.exe

C:\WINDOWS\pf78.exe/data0002

C:\WINDOWS\pf78.exe/data0003

C:\WINDOWS\pf78.exe/data0006

C:\WINDOWS\pf78.exe/data0007

C:\WINDOWS\pf78.exe

C:\WINDOWS\pms111x.exe

C:\WINDOWS\River Sumida.bmp:brcry:

C:\WINDOWS\setuperr.log:ddxewo:

C:\WINDOWS\SPhhhh.exe

C:\WINDOWS\SPPE6464hh.exe

C:\WINDOWS\SYSTEM32\awtsp.dll.

C:\WINDOWS\SYSTEM32\bkauk.dat

C:\WINDOWS\SYSTEM32\btxmvmrq.dll

C:\WINDOWS\SYSTEM32\ddsvdjc.exe

C:\WINDOWS\SYSTEM32\episgovq.dll

C:\WINDOWS\SYSTEM32\isjqmhvu.dll

C:\WINDOWS\SYSTEM32\jgddolvi.dll

C:\WINDOWS\SYSTEM32\lacginib.dll

C:\WINDOWS\SYSTEM32\msSP.exe

C:\WINDOWS\SYSTEM32\pnopnia.dll

C:\WINDOWS\SYSTEM32\pre2.exe

C:\WINDOWS\SYSTEM32\rciacp.exe

C:\WINDOWS\SYSTEM32\rjpabanu.dll

C:\WINDOWS\SYSTEM32\rwemw.dll

C:\WINDOWS\SYSTEM32\ssjfmjhn.dll

C:\WINDOWS\SYSTEM32\synt.exe

C:\WINDOWS\SYSTEM32\titno.exe

C:\WINDOWS\SYSTEM32\vhdytrxj.dll

C:\WINDOWS\SYSTEM32\wtqyqeud.dll

C:\WINDOWS\SYSTEM32\xytrubee.dll

C:\WINDOWS\telnet.exe

C:\WINDOWS\unin101.exe

C:\WINDOWS\uni_eh.exe

C:\WINDOWS\winsysban8.exe

 

If you have problems deleting any of the files listed, use Killbox as before.

 

When you're done, reboot into normal mode and scan again with Kaspersky and HijackThis and give us two new logs and an update on the machine's behaviour.

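The delete list in the reply above mixes three kinds of scanner objects: plain files, archive members written as container/member (for example pf78.exe/data0002), and NTFS alternate data streams written as file:stream:$DATA (for example nsw.log:xgcnko:$DATA). The following added example, which is not part of the original posts, parses report lines in that layout and groups them by what actually exists on disk; the sample lines, paths and detection names are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout used by the scanner reports on this
# page ("<object> Infected: <name> <action>"); every path and name is made up.
SAMPLE_REPORT = r"""
C:\WINDOWS\demo_inst.exe/data0002 Infected: Trojan-Downloader.Win32.Sample.a skipped
C:\WINDOWS\demo_inst.exe/data0003 Infected: Trojan.Win32.Sample.b skipped
C:\WINDOWS\demo_inst.exe NSIS: infected - 2 skipped
C:\WINDOWS\demo.log:abcdef:$DATA Infected: Trojan-Downloader.Win32.Sample.c skipped
C:\WINDOWS\Demo Picture.bmp:ghijk: Infected: Trojan-Downloader.Win32.Sample.c skipped
C:\WINDOWS\SYSTEM32\demo_ad.exe Infected: not-a-virus:AdWare.Win32.Sample.d skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe/data0002 Infected: Trojan-Downloader.Win32.Sample.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.EXE:abcdef:$DATA Infected: Trojan-Downloader.Win32.Sample.c skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000003.dll Infected: not-a-virus:AdWare.Win32.Sample.d skipped
"""

# Either a detection ("Infected: <name>") or a container summary
# ("<type>: infected - <count>"), followed by the last action taken.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:Infected: (?P<name>\S+)"
    r"|(?P<fmt>\w+): infected - (?P<count>\d+)) (?P<action>\w+)$"
)
# Copies kept by System Restore live under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I
)


def split_object(obj):
    """Split a reported object into (host_file, archive_member, ads_stream)."""
    host, _, member = obj.partition("/")   # "/" separates a container from its members
    drive, rest = host[:2], host[2:]       # keep the drive colon out of the stream test
    rest, _, stream = rest.partition(":")  # a further ":" starts an NTFS stream name
    stream = re.sub(r":(\$DATA)?$", "", stream)  # drop the ":$DATA" or ":" suffix
    return drive + rest, member or None, stream or None


def triage(report):
    """Group detections by the on-disk object each one belongs to."""
    files, streams = set(), set()
    restore_points = defaultdict(int)  # restore point name -> detections inside it
    members = defaultdict(int)         # container file -> infected members listed
    declared = {}                      # container file -> count from its summary line
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                   # headers, statistics, blank lines
        host, member, stream = split_object(m["obj"])
        if m["count"]:                 # summary line, not a detection of its own
            declared[host] = int(m["count"])
            continue
        if member:
            members[host] += 1
        rp = RESTORE_RE.search(host)
        if rp:
            restore_points[rp.group(1)] += 1   # a stored copy, not a live file
        elif stream:
            streams.add((host, stream))        # the stream, not the host file, is flagged
        else:
            files.add(host)                    # members collapse to their container
    return {
        "files": sorted(files),
        "streams": sorted(streams),
        "restore_points": dict(restore_points),
        # containers whose listed members do not add up to the declared count
        "count_mismatch": sorted(h for h, n in declared.items() if members[h] != n),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```
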

Cleaned all the files and scanned. I couldn't find some of them but KillBox took care of those. Here's the Kaspersky log:

 

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Thursday, February 23, 2006 10:23:12 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.78.0

Kaspersky Anti-Virus database last update: 23/02/2006

Kaspersky Anti-Virus database records: 178230

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 69900

Number of viruses found: 46

Number of infected objects: 223

Number of suspicious objects: 0

Duration of the scan process: 00:56:37

 

Infected Object Name / Virus Name / Last Action

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP609\A0061154.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061634.exe Infected: Trojan-Downloader.Win32.Murlo.dd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061663.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061664.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061756.exe Infected: Trojan-Downloader.Win32.Murlo.dd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0062995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe RarSFX: infected - 6 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063027.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063033.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063161.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063162.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063163.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063164.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063165.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063166.exe Infected: Trojan.Win32.StartPage.ahg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063167.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063168.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063169.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063170.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063171.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063172.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063178.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063214.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063215.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063216.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063217.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063218.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063219.exe Infected: Trojan.Win32.Runner.h skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063261.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063262.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063278.exe Infected: Trojan-Downloader.Win32.Small.abd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063280.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063281.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063284.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063285.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063286.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063290.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063293.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063297.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063299.exe Infected: Trojan.Win32.Runner.h skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063300.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063310.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063311.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063312.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063313.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063315.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063316.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063317.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063318.exe Infected: Trojan-Clicker.Win32.VB.ld skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063323.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063325.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063327.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063330.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063331.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063332.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063334.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063337.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063338.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063340.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063341.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063342.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063346.exe Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063347.exe Infected: Trojan-Downloader.Win32.VB.wy skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063363.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063371.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063372.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063373.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063378.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063416.exe Infected: Trojan-Downloader.Win32.VB.wd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064464.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064465.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064466.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064467.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064475.EXE:xtpzw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064478.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064479.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064480.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065483.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065484.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065485.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065498.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065506.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065507.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065508.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065509.exe Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065511.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065513.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065514.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065527.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065528.exe Infected: Trojan-Downloader.Win32.Small.abd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065529.exe Infected: Trojan.Win32.Runner.h skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065531.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065532.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065533.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065534.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065535.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065537.exe Infected: Trojan-Downloader.Win32.VB.wy skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065538.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065539.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065630.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065635.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065636.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065637.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065638.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065644.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065645.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065646.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065647.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065648.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065649.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065650.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065651.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065652.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065653.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065654.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065693.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065694.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065695.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065696.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065790.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065791.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065792.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065793.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065800.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065804.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065805.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065806.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065808.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065826.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065827.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065828.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065830.exe Infected: Trojan-Clicker.Win32.VB.ld skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065831.exe Infected: Email-Worm.Win32.Wurmark.m skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065834.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065840.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065841.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065842.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065848.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065852.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065853.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065854.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP634\A0066037.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066058.exe Infected: Trojan-Downloader.Win32.VB.wd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066059.exe Infected: Trojan-Downloader.Win32.VB.ww skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066061.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066062.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066063.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066064.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066066.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066079.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066080.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066081.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066082.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066083.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066084.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066085.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066086.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066087.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066088.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066089.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066090.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066092.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066093.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066094.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066095.exe Infected: Trojan-Dropper.Win32.Agent.k skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066096.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066097.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066098.exe Infected: Trojan-Clicker.Win32.VB.lg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066099.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066101.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066102.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066103.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066104.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066105.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066106.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066107.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066108.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066109.exe Infected: Trojan-Clicker.Win32.Small.ak skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066110.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066111.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066112.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066113.dll Infected: Trojan-Spy.Win32.Agent.kg skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066115.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066116.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066117.exe Infected: Trojan-Downloader.Win32.Murlo.dd skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped

C:\WINDOWS\nsw.log:xgcnko:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

 

Scan process completed.

 

And here's a new HJT scan:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:26:10 AM, on 2/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

 

I can see that Kaspersky still identifies some System Volume Information things... I haven't had any popups yet, the PC is running pretty well.

 

Peter


I can see that Kaspersky still identifies some System Volume Information things

You're all clean now :) We're gonna purge System Restore now to get rid of those remaining in System Volume Information.

 

1. On the Desktop, right-click My Computer.

2. Click Properties.

3. Click the System Restore tab.

4. Check Turn off System Restore.

5. Click Apply, and then click OK.

6. Restart the computer.

7. Follow steps 1 to 3 again, then uncheck Turn off System Restore.

 

When you are sure you are clean create a restore point.

 

To create a restore point:

 

Single-click Start and point to All Programs.

Mouse over Accessories, then System Tools, and select System Restore.

In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.

Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

 

You should also read Tony Klein's article on "How I got Infected in the First Place":

http://castlecops.com/postlite7736-.html
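
A triage check over a scan log like the one posted above, added here as an example and not part of the original thread: it separates detections that sit inside System Restore points (deleted when System Restore is turned off) from detections anywhere else on disk. The function names are made up for this example, and the sample lines are copied from the Kaspersky log in this thread.

```python
import re
from collections import Counter

# Lines copied from the Kaspersky log in this thread (a small subset).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065834.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066116.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped
C:\WINDOWS\nsw.log:xgcnko:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
Scan process completed.
"""

# "<object> Infected: <verdict> <action>"; container summary lines ("NSIS: infected - 4") do not match.
FINDING = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


def parse_object(obj):
    """Split a scanned object into (file path, archive member, NTFS stream name)."""
    path, _, member = obj.partition("/")    # "x.exe/data0002": member inside an installer
    drive, rest = path[:2], path[2:]        # keep the drive colon out of the stream split
    rest, _, stream = rest.partition(":")   # "nsw.log:xgcnko:$DATA": alternate data stream
    return drive + rest, member or None, stream.split(":")[0] or None


def triage(log_text):
    """Count detections per restore point and list every detection outside System Restore."""
    by_restore_point, live = Counter(), []
    for line in log_text.splitlines():
        m = FINDING.match(line.strip())
        if not m:                           # blank lines, summaries, "Scan process completed."
            continue
        path, member, stream = parse_object(m["obj"])
        rp = RESTORE.match(path)
        if rp:
            by_restore_point[rp.group(1).upper()] += 1
        else:
            live.append({"path": path, "member": member, "stream": stream,
                         "verdict": m["verdict"], "action": m["action"]})
    return by_restore_point, live


if __name__ == "__main__":
    restore, live = triage(SAMPLE_LOG)
    for rp, n in sorted(restore.items()):
        print(f"{rp}: {n} detection(s) inside a restore point")
    for f in live:
        where = f["path"] + (f" [stream {f['stream']}]" if f["stream"] else "")
        print(f"outside System Restore: {where} -> {f['verdict']} ({f['action']})")
```

On the sample lines this counts one detection in RP633 and three in RP635, and lists one object outside System Restore: the `xgcnko` alternate data stream on `C:\WINDOWS\nsw.log`.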
