Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32.trojan.downloader [RESOLVED]

Started by Tara_1012 , Mar 27 2006 08:50 PM

  • This topic is locked This topic is locked

#1
Tara_1012
Posted 27 March 2006 - 08:50 PM

Tara_1012

    New Member

  • Member
  • Pip
  • 8 posts
I've already run several virus removers and scans and nothing seems to permanently get rid of this. Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:50 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\rfaauwg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\rfaauwgA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\bearshare\bearshare.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [rfaauwgA] C:\WINDOWS\rfaauwgA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: Z_Start.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfaauwg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

Advertisements

#2
Armodeluxe
Posted 28 March 2006 - 08:59 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Tara,

You have several infections there and this will be a multi step process to remove them all. First we have to remove NewDotNet as it is hijacking your internet access.

First, Download LSPFix.exe to a convenient location such as your desktop. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it doesn't have an entry there, please look for an uninstaller file in C:\Program Files\NewDotNet folder. The file will have uninstall embedded in the filename.

If it is not there, go here and follow Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet.. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.
If the uninstall was successful,reboot, come back to this thread and post a new log by using the Add Reply button at the top.
  • 0

#3
Tara_1012
Posted 28 March 2006 - 12:06 PM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I successfully deleted NewDotNet. Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:04:24 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\bearshare\bearshare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Games\Plus! Game Pack\Puzzle Collection\Fringer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#4
Armodeluxe
Posted 28 March 2006 - 03:34 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
:whistling:

What happened to all those startup entries that were present in your previous log? If you disabled anything from startup via msconfig or another application, please reenable everything and post a new log. Don't reboot yet even if you get prompted to, until you hear from me.
  • 0

#5
Tara_1012
Posted 28 March 2006 - 03:50 PM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I don't know. I uninstalled NewDotNet and deleted everything that showed up on Ad-Aware again. I didn't disable anything to my knowledge. Here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 4:50:01 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\bearshare\bearshare.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#6
Armodeluxe
Posted 28 March 2006 - 03:52 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Ok, I have to run to work now. I'll be back tomorrow morning with a fix.
  • 0

#7
Tara_1012
Posted 28 March 2006 - 05:01 PM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, thank you!
  • 0

#8
Armodeluxe
Posted 29 March 2006 - 06:46 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Are you using plain Adaware, or with the vx2 plugin? I wonder when Adaware started to clean those, it used to just detect some of those infections but was unable to remove.

1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.
  • 0

#9
Tara_1012
Posted 29 March 2006 - 11:42 AM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the ewido report
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:34:30 PM, 3/29/2006
+ Report-Checksum: 2D35EBCC

+ Scan result:

HKU\S-1-5-21-4014727408-4261408380-3248515031-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F07DD3-924D-4141-BC74-299F523A95F1} -> Adware.WebDir : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe -> Dropper.VB.me : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\tara@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Tara\Cookies\[email protected][1].txt -> TrackingCookie.Res99 : Cleaned with backup
C:\My Downloads\_\16 Blocks (2006) xVID .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\2001 Maniacs (2005) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\3PW Recipe For Disaster (2003) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\A History Of Violence (2005) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\A Sound of Thunder NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Angel Of Death (2002) FS COMPLETE NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Artemisia (1997) NTSC COMPLETE .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Axe (2006) COMPLETE NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Bachelor Party Vegas (2006) STV XVID .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Bachelor Party Vegas (2006) STV .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Ball And Chain (2004) NTSC COMPLETE .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Bee Season (2005) Theatrical Release NTSC R1 WS.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Before It Had a Name Limited (2005) WS PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Black Beauty (1978) COMPLETE NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Bloodrayne PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Bloodrayne XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Blue Swallow (2005) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Brice de Nice (2005) XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Brokeback Mountain XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Brokeback Mountain.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\C S Lewis Beyond Narnia (2005) WS STV R1 NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Capote PROPER -MPTDVD FIX.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Capote PROPER .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Capote (2005) LIMITED PROPER XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Capote (2005) LIMITED SUBFIX XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Capote (2005) LIMITED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Capote MULTi.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Chasing Ghosts (2005) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Cocktail (2005) LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Colorz Of Rage (1999) LIMITED NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Cosi (1996) NTSC COMPLETE .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Crimes Of Passion (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Deadly Daphnes Revenge (1987) COMPLETE NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Devil Touch (2005) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Dirty Limited NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Dirty Limited XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Dosti Friends Forever (2005) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Dune (1984) WS PAL 2Disk.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Echoes Of Innocence (2005) XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\End Game COMPLETE FS NTSC b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\End Game COMPLETE FS NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\End Game (2006) STV .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Failure To Launch XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Fallen Angel (1945) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Final Destination 3 PROPER XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Final Destination 3 REAL PROPER XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Final Destination 3 XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Flies on the Wall (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Get Rich Or Die Tryin NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Get Rich Or Die Trying XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Have No Fear The Life Of Pope John Paul II (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Hello Jojo (2006) COMPLETE PAL EXTREME.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Hostel PROPER DiRFiX XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Hostel PROPER PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Hostel PROPER DVSCR XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Hostel (2005) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\House Of The Dead 2 NFO FIX .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Irish Jam (2006) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Jarhead (2005) BONUS DISC NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Just Like Heaven (2005) NTSC DTS .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Keane READ NFO Limited (2004) R1 WS NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Keane (2004) LIMITED PROPER NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Keane (2004) LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Keeping Mum (2005) COMPLETE PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Keeping Mum (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Keeping Mum (2005) RERIP XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\King Kong NTSC DVD9 .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\King Kong (2005) NTSC PROPER .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Kiss Kiss Bang Bang LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Last Holiday REPACK XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Lets Spend The Night Together (1983) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Little Manhattan (2005) LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Loggerheads (2005) LIMITED NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Loggerheads (2005) LIMITED XViD REPACK .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Loggerheads (2005) LIMITED XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Lost In Love (2006) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Love On Layaway (2005) STV NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Madeas Family Reunion XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Masters Of Horror John Carpenters Cigarette Burns And Stuart Gordons Dreams In The Witch-House NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\McDull The Alumni (2006) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Memoirs Of A Geisha PROPER .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Merlins Apprentice (2006) STV NTSC FS .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Mrs Henderson Presents PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Mrs Henderson Presents (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Paradise Now LiMiTED NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Paradise Now (2005) PROPER LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Parts of the Family (2003) STV NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Pitbull (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Poohs Heffalump Movie (2005) XviD SP.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Quest For The Mighty Sword (1990) STV LASERDISC XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Rang De Basanti (2006) Hindi NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Rang De Basanti (2006) Hindi XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Rang De Basanti (2006) SUBPACK REPACK .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Rumor Has It (2005) NTSC WS FCR PPF RegionFIX.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Rumor Has It (2005) NTSC WS.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Rumor Has It (2005) xVID b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Se Arrienda (2005) XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Sesame Street Imagine That COMLETE NSTC.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Shopaholics (2006) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Shopgirl (2005) REAL XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Spring Break Shark Attack (2005) NTSC STV .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Stesti (2005) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Stillwater (2005) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Stoned (2005) LIMITED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Stoned (2005) PROPER LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Stranger In My Bed (2005) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Taga Tameni (2005) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Tara Road LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Adventures Of Brer Rabbit (2006) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Ape (2005) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Art Of Fighting (2006) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Big Spook War (2005) XviD SUBBED .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Choke (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Chronicles Of Narnia NTSC WS.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Chronicles Of Narnia XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Chronicles of Narnia The Lion the Witch and the Wardrobe (2005) NTSC FS .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Confessor (2004) R1 NTSC COMPLETE .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Crazysitter (1995) XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Day A Pig Fell Into The Well (1996) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Dying Gaul (2005) LiMiTeD XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Dying Gaul (2005) NTSC COMPLETE .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Family Stone NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Family Stone (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Greatest Game Ever Played xVID .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The House On Telegraph Hill (1951) NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Keeper (2004) R1 Retail NTSC COMPLETE .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The King (2005) LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Mechanik (2005) STV NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The New World PROPER XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The New World XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Pink Panther PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Pink Panther XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Prisoner (1967) D03 COMPLETE NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Raven (1963) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Shaggy Dog (2006) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The SpongeBob SquarePants The Movie (2004) MULTi PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Squid And The Whale LiMiTED (2005) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Three Burials of Melquiades Estrada (2005) LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Turning Point (1977) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The Worlds Fastest Indian LiMiTED XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\The World`s Fastest Indian NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Tokyo Young Babes Vol 33 Uncensored.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Topbuzzer S1 Disc1 (2004) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Topbuzzer S1 Disc2 (2004) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Underworld Evolution iNTERNAL RERiP XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Underworld Evolution PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Underworld Evolution XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Underworld Evolution (2006) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Underworld Evolution.avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Undisputed 2 (2006) XviD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\V For Vendetta XViD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Walt Disney Funny Factory With Donald (2006) XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Walt Disney Funny Factory With Mickey DiR FiX (2006) XviD b NEW b .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Wolf Creek Unrated NTSC .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Wolf Creek Unrated XViD .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\yesyesyesyes.exe -> Dropper.VB.me : Cleaned with backup
C:\My Downloads\_\Yu Gi Oh The Movie (2004) PAL .avi.exe -> Dropper.VB.me : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Error during cleaning
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\rfaauwg.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\rfaauwgA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\repairs303169545.dll -> Adware.SurfSide : Cleaned with backup
C:\WINDOWS\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\win32064518148089.exe -> Downloader.VB.tw : Cleaned with backup


::Report End

Here is the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:42:03 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#10
Armodeluxe
Posted 30 March 2006 - 06:54 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Your log looks clean.

Let's run an online scan and see what more we catch..

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

Advertisements

#11
Tara_1012
Posted 30 March 2006 - 11:44 AM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 30, 2006 12:43:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 30/03/2006
Kaspersky Anti-Virus database records: 185108
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52228
Number of viruses found: 10
Number of infected objects: 571
Number of suspicious objects: 0
Duration of the scan process: 00:28:04

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0001023.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001056.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001060.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001061.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001062.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001063.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001064.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001065.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001066.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001067.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001068.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0001097.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001259.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001260.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001261.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001262.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001263.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001264.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001265.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001266.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001267.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001268.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001269.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001270.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001271.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001272.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001273.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001274.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001275.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001276.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001277.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001278.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001279.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001280.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001281.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001282.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001283.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001284.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001285.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001286.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001287.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001288.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001289.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001290.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001291.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001292.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001293.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001294.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001295.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001296.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001297.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001298.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001299.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001300.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001301.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001302.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001303.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001304.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001305.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001306.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001307.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001308.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001309.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001310.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001311.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001312.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001313.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001314.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001315.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001316.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001317.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001318.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001319.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001320.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001321.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001322.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001323.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001324.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001325.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001326.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001327.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001328.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001329.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001330.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001331.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001332.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001333.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001334.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001335.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001336.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001337.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001338.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001339.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001340.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001341.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001342.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001343.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001344.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001345.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001346.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001347.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001348.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001349.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001350.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001351.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001352.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001353.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001354.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001355.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001356.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001357.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001358.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001359.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001360.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001361.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001362.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001363.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001364.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001365.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001366.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001367.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001368.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001369.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001370.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001371.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001372.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001373.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001374.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001375.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001376.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001377.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001378.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001379.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001380.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001381.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001382.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001383.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001384.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001385.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001386.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001387.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001388.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001389.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001390.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001391.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001392.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001393.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001394.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001395.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001396.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001397.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001398.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001399.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001400.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001401.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001402.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001403.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001404.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001405.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001406.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001407.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001408.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001409.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001410.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001411.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001412.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001413.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001414.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001415.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001416.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001417.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001418.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001419.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001420.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001421.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001422.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001423.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001424.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001425.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001426.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001427.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001428.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001429.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001430.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001431.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001432.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001433.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001434.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001435.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001436.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001437.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001438.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001439.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001440.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001441.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001442.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001443.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001444.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001445.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001446.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001447.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001448.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001449.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001450.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001451.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001452.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001453.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001454.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001455.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001456.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001457.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001458.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001459.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001460.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001461.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001462.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001463.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001464.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001465.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001466.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001467.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001468.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001469.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001470.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001471.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001472.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001473.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001474.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001475.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001476.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001477.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001478.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001479.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001480.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001481.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001482.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001483.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001484.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001485.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001486.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001487.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001488.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001489.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001490.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001491.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001492.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001493.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001494.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001495.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001496.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001497.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001498.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001499.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001500.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001501.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001502.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001503.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001504.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001505.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001506.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001507.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001508.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001509.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001510.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001511.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001512.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001513.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001514.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001515.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001516.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001517.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001518.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001519.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001520.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001521.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001522.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001523.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001524.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001525.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001526.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001527.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001528.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001529.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001530.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001531.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001532.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001533.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001534.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001535.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001536.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001537.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001538.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001539.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001540.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001541.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001542.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001543.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001544.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001545.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001546.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001547.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001548.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001549.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001550.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001551.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001552.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001553.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001554.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001555.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001556.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001557.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001558.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001559.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001560.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001561.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001562.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001563.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001564.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001565.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001566.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001567.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001568.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001569.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001570.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001571.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001572.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001575.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001581.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001582.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001583.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001584.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001585.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001586.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001587.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001588.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001589.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001590.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001591.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001592.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001593.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001594.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001595.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001596.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001597.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001598.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001599.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001600.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001601.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001602.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001603.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001604.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001605.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001606.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001607.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001608.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001609.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001610.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001611.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001612.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001613.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001614.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001615.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001616.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001617.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001618.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001619.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001620.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001621.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001622.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001623.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001624.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001625.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001626.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001627.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001628.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001629.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001630.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001631.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001632.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001633.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001634.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001635.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001636.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001637.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001638.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001639.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001640.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001641.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001642.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001643.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001644.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001645.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001646.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0001647.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0002126.exe Infected: Trojan-Dropper.Win32.VB.me skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0002127.exe I
  • 0

#12
Armodeluxe
Posted 30 March 2006 - 03:35 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
The log got cut off due to length. Please edit out all entries starting with

C:\System Volume Information

and post the rest. Those are infected system restore points, we will rid of them by just purging them.
  • 0

#13
Tara_1012
Posted 30 March 2006 - 05:06 PM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 30, 2006 12:43:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 30/03/2006
Kaspersky Anti-Virus database records: 185108
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52228
Number of viruses found: 10
Number of infected objects: 571
Number of suspicious objects: 0
Duration of the scan process: 00:28:04

C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\cv3wanv28.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

Scan process completed.
  • 0

#14
Armodeluxe
Posted 31 March 2006 - 06:15 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Delete these files:

C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\cv3wanv28.exe

and you should be good to go if you don't have any problems left.

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

You don't have an antivirus program which in this time and date, is indispensable. Pick one of these, they are all free.
Antivir
AVG
Avast

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Outpost
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

Edited by Armodeluxe, 31 March 2006 - 06:16 AM.

  • 0

#15
Tara_1012
Posted 31 March 2006 - 11:02 AM

Tara_1012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you so much! I really appreciate all the help and I'll definitely be more careful from now on...thanks for the recommendations as well.

Tara
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP