Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Brought to you by TQ! virus

Started by chickmazta , Jan 23 2008 08:45 AM

  • Please log in to reply

#1
chickmazta
Posted 23 January 2008 - 08:45 AM

chickmazta

    Member

  • Member
  • PipPipPip
  • 142 posts
Hello guys! I need some help about this virus, I dont know its virus definition but in my IE it displays "Brought to you by TQ!" It has given me a lot of trouble, I have been searching the net for a cure but still no luck. I have entered numerous forums but no one knew how to fix it. Folder Options has been disabled as well as Regedit, I cannot change my homepage, its also disable. I cannot double-click my drives, I can only explore it. My computer name displays TQ and in Network Places I can also see TQ amongst the other computer and when I'm browsing I noticed slow uploads of text and pictures. Guys please help me! OHHHH PLEASE :) I know you pros can help me TNX in advance. :)
  • 0

Advertisements

#2
kahdah
Posted 23 January 2008 - 11:53 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello chickmazta

Welcome to G2Go. :)
===================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
chickmazta
Posted 24 January 2008 - 11:59 AM

chickmazta

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Im sorry for the delay Sir ^_^
Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:35 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blogtq.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brought to you by TQ!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winconfig] C:\WINDOWS\winconfig.dll.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4249 bytes

hope there's something in here tnx!
  • 0

#4
kahdah
Posted 24 January 2008 - 12:03 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No problem. :)

There is indeed something so let's get started.
=================================
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#5
chickmazta
Posted 27 January 2008 - 11:53 PM

chickmazta

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Sorry again for the delay sir^_^ The computer I was using needed a new PSU so i purchased a new one. I have already downloaded the combo fix and here is the log report.

Combofix log report:

ComboFix 08-01-23.1D - Nett'sCafe 2008-01-28 13:43:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.294 [GMT 8:00]
Running from: C:\Documents and Settings\Nett'sCafe\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\winconfig.dll.vbs
C:\WINDOWS\winconfig.dll.vbs
D:\Autorun.inf
D:\winconfig.dll.vbs

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 13:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 20:32 . 2008-01-26 20:32 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-26 16:15 . 2008-01-26 16:15 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-01-26 16:15 . 2008-01-26 16:15 <DIR> d-------- C:\logs
2008-01-25 01:53 . 2008-01-25 01:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 21:06 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-18 21:06 . 2008-01-28 13:36 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-18 21:06 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-18 21:04 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-18 21:03 . 2008-01-18 21:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 14:58 --------- d-----w C:\Program Files\Google
2007-12-12 12:22 --------- d-----w C:\Program Files\e-Games
2007-12-06 02:08 --------- d-----w C:\Program Files\Yahoo!
2007-12-05 15:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-05 15:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-05 15:21 --------- d-----w C:\Program Files\DAP
2007-12-05 15:18 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-12-05 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 15:00 --------- d-----w C:\Program Files\AMD
2007-12-05 14:58 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-12-05 14:58 --------- d-----w C:\Program Files\Realtek AC97
2007-12-05 14:58 --------- d-----w C:\Program Files\AvRack
2007-12-05 14:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-05 14:56 --------- d-----w C:\Program Files\VIA
2007-12-05 14:38 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-05 14:33 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 18:53 1056768]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-12-05 23:18 4376328]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 23:31 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-05 23:41 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-06-20 18:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{389989c2-a380-11dc-a2d7-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 13:44:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-28 13:44:50
ComboFix-quarantined-files.txt 2008-01-28 05:44:42


*before doing this i receive a message saying: "Roughly 1/100 machines failed to make ti through the disinfection process !! are you sure want to do this? yes/no

Here's the new logfile for HiJack, Hope's everything is in right order

Hijack logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:15 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blogtq.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3820 bytes

I followed everything in the right order. I also quit any anti virus and malware programs during the process I hope this helps tnx sir!
  • 0

#6
kahdah
Posted 28 January 2008 - 03:09 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.
(Note if you cannot open the log it produces then right click on it and choose rename.
Rename it to .txt and you will be able to open it)
  • 0

#7
chickmazta
Posted 31 January 2008 - 04:13 AM

chickmazta

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Sir I have done what you instructed me to do here are the log file including Hijack logfile

Dr.Web cureit logfile:

winconfig.dll.vbs.vir;C:\QooBox\Quarantine\C;Modification of VBS.Generic.544;Moved.;
winconfig.dll.vbs.vir;C:\QooBox\Quarantine\C\WINDOWS;Modification of VBS.Generic.544;Moved.;
winconfig.dll.vbs.vir;C:\QooBox\Quarantine\D;Modification of VBS.Generic.544;Moved.;
A0062988.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0062989.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0062998.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0062999.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063019.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063020.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063035.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063036.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0064035.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0064036.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065035.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065036.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065050.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065051.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065068.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065069.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065091.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065092.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066091.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066092.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066101.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066102.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066110.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066111.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066122.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066123.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0067122.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0067123.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0068122.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0068123.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0068135.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0068136.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0069122.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0069123.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0069133.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0069134.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0070133.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0070134.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0071133.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0071134.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0072133.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0072134.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0073138.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0073147.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0073148.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0074147.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0074148.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0074160.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0074161.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075160.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075161.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075182.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075183.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075193.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075194.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075205.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075206.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075218.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075219.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075225.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075226.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075236.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075237.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075251.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075252.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075274.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075275.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075287.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075288.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075297.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075298.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075306.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075307.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075316.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075317.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0076316.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0076317.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0076333.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0076334.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0077333.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0077334.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0078333.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0078334.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0078350.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0078351.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079350.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079351.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079366.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079367.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079380.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079381.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079394.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079395.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079409.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079410.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079460.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079461.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079469.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079470.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079506.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079507.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080506.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080507.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080517.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080518.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080527.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080528.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080540.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080541.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080556.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080557.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0081575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0081576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0082575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0082576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0083575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0083576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0084575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0084576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0085575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0085576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0086575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0086576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0087575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0087576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0088575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0088576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0090575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0090576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0091575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0091576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0092575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0092576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0093575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0093576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0095575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0095576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0097575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0097576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0098575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0098576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0099575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0099576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0100575.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0100576.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0100584.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0100585.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101584.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101585.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101647.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101648.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101661.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101662.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101689.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101690.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101702.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101703.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102702.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102703.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102714.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102715.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102724.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102725.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103724.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103725.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103737.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103738.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103750.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103751.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103770.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103771.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103779.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103780.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103790.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103791.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103802.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103803.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104802.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104803.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104811.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104812.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104822.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104823.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104839.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104840.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104849.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104850.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0105849.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0105850.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0106849.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0106850.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107849.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107850.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107858.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107859.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107872.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107873.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107885.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107886.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107898.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107899.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108898.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108899.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108915.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108916.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108923.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108924.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108935.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108936.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108950.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108951.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108962.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108963.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108972.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108973.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109074.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109075.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109094.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109095.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109110.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109111.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109121.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109122.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109144.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109145.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109153.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109154.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0110153.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0110154.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0110166.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0110167.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0111166.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0111167.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0111176.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111177.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111194.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111195.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111203.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111204.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111235.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111236.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111256.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111257.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0112256.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0112257.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0113256.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0113257.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0113266.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0113267.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114266.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114267.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114290.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114291.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114302.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114303.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114311.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114312.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114320.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP16;Modification of VBS.Generic.544;Moved.;
A0114321.vbs;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP16;Modification of VBS.Generic.544;Moved.;
A0114330.bat;C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP16;Probably BATCH.Virus;;
nmcogame.dll;D:\Nexon\KartRider;Probably DLOADER.Trojan;;
A0040398.dll;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP10;Probably DLOADER.Trojan;;
A0062991.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063001.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063022.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0063038.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0064038.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065038.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065053.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065071.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0065094.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066094.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066104.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066113.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0066125.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0067125.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0068125.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP11;Modification of VBS.Generic.544;Moved.;
A0068138.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0069125.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0069136.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0070136.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0071136.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0072136.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0073140.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0073150.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0074150.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0074163.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075163.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075185.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075196.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075208.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075221.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP12;Modification of VBS.Generic.544;Moved.;
A0075228.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075239.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075254.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075277.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075290.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075300.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075309.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0075319.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0076319.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0076336.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0077336.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0078336.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0078353.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079353.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079369.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079383.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079397.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079412.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079463.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079472.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0079509.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080509.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080520.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080530.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080543.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080559.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0080578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0081578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0082578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0083578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0085578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0086578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0087578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0090578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0091578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0092578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0093578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0095578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0097578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0098578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0099578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0100578.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0100587.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101587.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101650.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101664.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101692.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0101705.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102705.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102717.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0102727.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103727.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103740.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103753.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103773.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103782.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103793.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0103805.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104805.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104814.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104825.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104842.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0104852.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0105852.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0106852.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107852.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107861.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107875.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107888.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0107901.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108901.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108918.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP13;Modification of VBS.Generic.544;Moved.;
A0108926.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108938.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108953.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108965.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0108975.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109077.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109097.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109113.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109124.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109147.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0109156.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0110156.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0110169.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0111169.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP14;Modification of VBS.Generic.544;Moved.;
A0111179.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111197.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111206.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111238.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0111259.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0112259.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0113269.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114269.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114293.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114305.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114314.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP15;Modification of VBS.Generic.544;Moved.;
A0114323.vbs;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP16;Modification of VBS.Generic.544;Moved.;
A0008726.dll;D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP5;Probably DLOADER.Trojan;;


Hijack logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:34 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958
  • 0

#8
kahdah
Posted 31 January 2008 - 06:27 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
chickmazta
Posted 04 February 2008 - 01:36 AM

chickmazta

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Here is the log file for Kaspersky scan

Kaspersky logfile:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 04, 2008 3:31:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 546598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 57480
Number of viruses found: 2
Number of infected objects: 394
Number of suspicious objects: 0
Duration of the scan process: 00:22:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nett'sCafe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0062988.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0062989.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0062991.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0062998.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0062999.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063001.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063019.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063020.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063022.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063035.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063036.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0063038.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0064035.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0064036.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0064038.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065035.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065036.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065038.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065050.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065051.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065053.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065068.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065069.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065071.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065091.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065092.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0065094.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066091.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066092.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066094.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066101.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066102.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066104.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066110.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066111.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066113.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066122.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066123.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0066125.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0067122.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0067123.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0067125.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0068122.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0068123.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0068125.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0068135.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0068136.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0068138.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0069122.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0069123.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0069125.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0069133.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0069134.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0069136.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0070133.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0070134.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0070136.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0071133.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0071134.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0071136.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0072133.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0072134.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0072136.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0073138.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0073140.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0073147.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0073148.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0073150.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0074147.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0074148.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0074150.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0074160.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0074161.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0074163.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075160.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075161.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075163.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075182.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075183.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075185.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075193.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075194.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075196.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075205.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075206.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075208.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075218.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075219.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075221.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075225.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075226.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075228.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075236.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075237.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075239.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075251.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075252.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075254.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075274.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075275.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075277.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075287.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075288.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075290.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075297.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075298.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075300.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075306.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075307.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075309.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075316.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075317.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0075319.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0076316.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0076317.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0076319.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0076333.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0076334.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0076336.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0077333.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0077334.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0077336.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0078333.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0078334.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0078336.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0078350.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0078351.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0078353.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079350.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079351.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079353.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079366.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079367.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079369.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079380.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079381.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079383.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079394.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079395.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079397.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079409.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079410.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079412.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079460.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079461.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079463.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079469.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079470.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079472.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079506.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079507.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0079509.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080506.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080507.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080509.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080517.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080518.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080520.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080527.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080528.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080530.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080540.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080541.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080543.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080556.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080557.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080559.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0080578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0081575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0081576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0081578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0082575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0082576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0082578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0083575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0083576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0083578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0084575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0084576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0085575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0085576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0085578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0086575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0086576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0086578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0087575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0087576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0087578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0088575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0088576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0090575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0090576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0090578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0091575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0091576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0091578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0092575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0092576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0092578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0093575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0093576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0093578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0095575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0095576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0095578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0097575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0097576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0097578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0098575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0098576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0098578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0099575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0099576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0099578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0100575.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0100576.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0100578.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0100584.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0100585.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0100587.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101584.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101585.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101587.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101647.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101648.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101650.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101661.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101662.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101664.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101689.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101690.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101692.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101702.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101703.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0101705.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102702.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102703.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102705.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102714.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102715.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102717.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102724.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102725.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0102727.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103724.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103725.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103727.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103737.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103738.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103740.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103750.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103751.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103753.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103770.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103771.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103773.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103779.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103780.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103782.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103790.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103791.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103793.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103802.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103803.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0103805.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104802.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104803.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104805.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104811.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104812.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104814.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104822.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104823.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104825.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104839.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104840.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104842.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104849.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104850.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0104852.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0105849.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0105850.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0105852.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0106849.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0106850.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0106852.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107849.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107850.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107852.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107858.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107859.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107861.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107872.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107873.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107875.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107885.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107886.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107888.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107898.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107899.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0107901.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108898.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108899.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108901.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108915.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108916.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108918.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108923.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108924.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108926.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108935.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108936.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108938.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108950.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108951.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108953.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108962.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108963.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108965.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108972.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108973.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0108975.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109074.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109075.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109077.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109094.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109095.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109097.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109110.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109111.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109113.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109121.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109122.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109124.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109144.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109145.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109147.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109153.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109154.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0109156.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0110153.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0110154.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0110156.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0110166.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0110167.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0110169.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111166.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111167.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111169.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111176.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111177.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111179.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111194.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111195.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111197.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111203.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111204.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111206.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111235.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111236.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111238.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111256.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111257.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0111259.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0112256.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0112257.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0112259.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0113256.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0113257.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0113266.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0113267.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0113269.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114266.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114267.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114269.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114290.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114291.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114293.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114302.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114303.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114305.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114311.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114312.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114314.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114320.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114321.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\A0114323.vbs Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\winconfig.dll.vb0.vir Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\winconfig.dll.vb1.vir Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\DoctorWeb\Quarantine\winconfig.dll.vbs.vir Infected: Worm.VBS.Solow.b skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\Temp\~DF3E66.tmp Object is locked skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\Temporary Internet Files\Content.IE5\Z0JT3456\install459[1].cab/setup.exe Infected: Trojan-Downloader.Win32.Agent.hst skipped
C:\Documents and Settings\Nett'sCafe\Local Settings\Temporary Internet Files\Content.IE5\Z0JT3456\install459[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Nett'sCafe\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nett'sCafe\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP17\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{25890BEC-CA86-454A-A4B2-5FFAFEE4C82B}\RP17\change.log Object is locked skipped

Scan process completed.


Here is the Hijack logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:10 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.
  • 0

#10
kahdah
Posted 04 February 2008 - 01:47 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease delete C:\Documents and Settings\Nett'sCafe\DoctorWeb < that folder.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

You may delete that after yo use it.
=========================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


    • Posted Image

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
===================================
After that the last Hijackthis log was cut off can you please post a final Hijackthis log.
  • 0

#11
chickmazta
Posted 12 February 2008 - 05:03 AM

chickmazta

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
This is the logfile you have been rquesting sir, by the way it seems that there's a lot of improvements in the performance of my PC but in the network the name of my PC still displays TQ on it. But everything is like normal.

Hikack logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:04 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4279 bytes

Hope everythings coming to and end here TNX in advance...
  • 0

#12
kahdah
Posted 12 February 2008 - 07:26 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

but in the network the name of my PC still displays TQ on it

Okay go to Start and then right click on the My Computer icon and choose properties.
Then on the tab that says Computer name then change it to the name you want it to be then click on ok and reboot if asked.
Let me know if that fixes the issue.

Other than that we are done.
  • 0

#13
chickmazta
Posted 13 February 2008 - 09:43 PM

chickmazta

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Hello Sir, I did what you suggested me do, but it still displays TQ on it, Whenever I restart my computer a windows system error popsup on the system tray icon saying "Windows System Error! a duplicate name exist on the network" I know my other PC is also infected with this virus so I put a stop on its sharing and accessibility so that I may no longer obtain virus through the network. But is seems odd that the PC1 and this PC is named TQ. I went to the My computer properties>Computer Name Tab>Computer Description is ok, computer name is ok, and even the workgroup name is fine when I click the button Change... that displays the "Computer Name Changes" and click the button More... I see the word TQ below the "NetBIOS computer name:" and it is unchangeable. Is it bad? or Its just a little issue. Tnx in advance!!!

One more thing Sir, Is there any other way I can send my donation, without going through the bank accounts etc. I dont have any accounts yet till I'm 18 ^_^ But I'll let my brother do the FedEx he's a web developer in Vegas ^_^ Tnx again and more power to you guys!

for the record my donation is voluntary!!! ^_-
  • 0

#14
kahdah
Posted 13 February 2008 - 09:57 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Thanks for the donation but paypal is how I do it.
I don't like to give out personal info (No offense :) )
But it is not necessary to donate. :)
Thanks though.
======================================
Is your workgroup name the same as your computer name?
If so change it.

If you would like me to clean up the other computer because it might be preventing you changing anything until both are cleaned up.

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop on the infected computer.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP