WinFixer 2005 - REMOVAL HELP! [CLOSED]


  • This topic is locked

#1
fowzee

    New Member

  • Member
  • Pip
  • 6 posts
The other day my roommate accidentally installed the WinFixer 2005 program on my computer. Since then, my system seems to have noticeably slowed down and a random pop-up box asking me to run WinFixer appears every 30 minutes or so.

I would really like to get this application removed from my computer as soon as possible. Here is a copy of my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:35:00 PM, on 10/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*; 172.*; 127.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\sstqp.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEABBD5E-9F09-48F9-B560-3D88EBDE5384}: NameServer = 203.134.64.66,203.134.65.66
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\System32\sstqp.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks in advance for the help!
  • 0



#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi fowzee and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

A. Go to Geeks to Go
  • Click on My Controls at the top right-hand corner of the window (make sure you have signed in first).
  • In the left-hand column, click "View Topics".
  • If you click on the title of your post, you will be taken there.

B. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
  • Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

C. Please print these instructions out for use in Safe Mode.

Also note, one must be either logged in under the Administrator account or have administrator privileges to be able to successfully complete these procedures.

1. Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please REBOOT your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\System32\sstqp.dll


  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\System32\pqtss.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
2. The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\sstqp.dll
    • O20 - Winlogon Notify: sstqp - C:\WINDOWS\System32\sstqp.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death". This is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
3. Download and install CleanUp!
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Set the program up as follows:
    • Click "Options..."
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Delete Prefetch files
      • Cleanup! All Users
    • Click OK
  • Press the CleanUp! button to start the program.
  • It may ask you to reboot at the end; click NO.
4. Please run this online virus scan: ActiveScan
  • Copy the results of the ActiveScan and paste them here, along with a new HijackThis log and the vundofix.txt file from the VundoFix folder, into this topic.

Regards,

Trevuren

  • 0

#3
fowzee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, I ran the programs listed and here are the logfiles/outputs.

ActiveScan:

Incident Status Location

Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/powerscan No disinfected C:\PROGRAM FILES\Power Scan
Spyware:spyware/dyfuca No disinfected Windows Registry
Dialer:dialer.ags No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}
Adware:adware/mirar No disinfected Windows Registry
Dialer:dialer.adn No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{5F426A93-0821-47D2-A126-5A48A874B289}
Adware:adware/delta No disinfected Windows Registry
Dialer:dialer.yz No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{02C20140-76F8-4763-83D5-B660107B7A90}
Dialer:dialer.yy No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{23273a1c-c870-43c4-a3e3-67dc98630ac6}
Dialer:dialer.yx No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{6ed16eff-3b18-11d6-9139-00e02964e8e3}
Adware:adware/commandertoolbar No disinfected Windows Registry
Dialer:dialer.yc No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{e8edb60c-951e-4130-93dc-faf1ad25f8e7}
Adware:adware/powerstrip No disinfected Windows Registry
Dialer:dialer.xs No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ceb29da4-7afa-4f24-b3cd-17351d590df0}
Adware:adware/hungryhands No disinfected Windows Registry
Dialer:dialer.py No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}
Adware:adware/ieplugin No disinfected Windows Registry
Dialer:dialer.b No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2c1651ef-8827-11d6-91a2-00e02964e8e3}
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4fb6e362-61b129f6.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4fb6e362-61b129f6.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4fb6e362-61b129f6.zip[VerifierBug.class]
Adware:Adware/SearchAid No disinfected C:\Program Files\Internet Explorer\wojbllbv.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\mllmm.dll
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\wsem302.dll
Adware:Adware/BrilliantDigital No disinfected E:\Program Files\KaZaA\bdcore.dll
Spyware:Spyware/Cydoor No disinfected E:\WINDOWS\SYSTEM32\cd_clint.dll
Spyware:Spyware/Cydoor No disinfected E:\WINDOWS\SYSTEM32\cd_htm.dll


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:10:02 PM, on 10/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*; 172.*; 127.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEABBD5E-9F09-48F9-B560-3D88EBDE5384}: NameServer = 203.134.64.66,203.134.65.66
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Vundofix.txt logfile:

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 120 'smss.exe'
Threads [124][128][132]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of explorer.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 192 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.


That's about it. Hope it helps.
  • 0
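
Added example, not part of the original thread and not code from HijackThis or VundoFix: a small script that compares the first HijackThis log (post #1) with the one posted after the fix (post #3). It shows that sstqp.dll was the only module registered as both an O2 BHO and an O20 Winlogon Notify entry, that both entries are gone afterwards, and that the WinFixer 2005 Run entry is still present. The function names are hypothetical, and the embedded logs are short excerpts of lines copied from the two posts.

```python
import re

# Constructed input: a handful of lines copied from the two HijackThis logs in
# this thread (post #1 and post #3), not the complete logs.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\sstqp.dll
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\System32\sstqp.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# A HijackThis entry line starts with a section code such as R1, O2 or O20.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def module_paths(entries, code):
    """Lower-cased file path (the last ' - ' field) of each entry in one section."""
    return {
        detail.rsplit(" - ", 1)[-1].lower()
        for section, detail in entries
        if section == code
    }


def bho_and_notify(log_text):
    """Modules loaded both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    entries = parse_entries(log_text)
    return module_paths(entries, "O2") & module_paths(entries, "O20")


def diff_logs(before, after):
    """Return (removed, added, unchanged) entry lines between two logs."""
    old = {f"{code} - {detail}" for code, detail in parse_entries(before)}
    new = {f"{code} - {detail}" for code, detail in parse_entries(after)}
    return sorted(old - new), sorted(new - old), sorted(old & new)


if __name__ == "__main__":
    print("In both O2 and O20 before the fix:", bho_and_notify(LOG_BEFORE))
    print("In both O2 and O20 after the fix: ", bho_and_notify(LOG_AFTER))
    removed, added, unchanged = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, lines in (("removed", removed), ("added", added), ("unchanged", unchanged)):
        for entry in lines:
            print(f"{label:>9}: {entry}")
```

Saving each full log to a file and passing the file contents to `diff_logs` gives the same comparison for the complete logs.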

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Time to remove some hidden junk:

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite; it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido; there should be an icon on your desktop, double-click it.
    • The program will prompt you to update; click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

Trevuren

  • 0

#5
fowzee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are the logs you requested:

Ewido .txt log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:25:33 AM, 10/6/2005
+ Report-Checksum: 97E95F11

+ Scan result:

HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1\CLSID\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1\CLSID\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\DBi -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-583907252-299502267-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-583907252-299502267-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-583907252-299502267-682003330-1004\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
C:\Documents and Settings\Tony\Cookies\tony@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tony\My Documents\Funny Stuff\beer pic.exe -> Not-A-Virus.Joke.JepRuss : Cleaned with backup
C:\Program Files\Internet Explorer\wojbllbv.exe -> TrojanDownloader.WinShow.z : Cleaned with backup
C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5RS_0001_0808NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\system32\ddcyv.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\jkkjg.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\mllmm.dll -> TrojanDownloader.ConHook.l : Cleaned with backup
C:\WINDOWS\system32\pmnli.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\pmnlj.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\pmnnk.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\wsem302.dll -> TrojanDownloader.Dyfuca.dc : Cleaned with backup
E:\Documents and Settings\Anthony\My Documents\Funny Stuff\beer pic.exe -> Not-A-Virus.Joke.JepRuss : Cleaned with backup
E:\Program Files\KaZaA\TopSearch.dll -> Spyware.TopSearch : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035068.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035069.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035070.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035071.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035072.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035073.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035074.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035075.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035076.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035077.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035078.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035079.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035080.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035081.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035082.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035083.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035084.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035085.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035086.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035087.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035088.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035089.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035090.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035091.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035092.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035093.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035094.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035095.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035096.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035097.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035098.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035099.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035100.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035101.bat -> Worm.Klez.H : Cleaned with backup
E:\WINDOWS\SYSTEM32\cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
E:\WINDOWS\SYSTEM32\cd_htm.dll -> Spyware.Cydoor : Cleaned with backup
E:\WINDOWS\Temp\Adware\cd_install_291.exe/cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
E:\WINDOWS\Temp\Adware\cd_install_291.exe/cd_htm.dll -> Spyware.Cydoor : Cleaned with backup


::Report End

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:32:12 AM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*; 172.*; 127.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEABBD5E-9F09-48F9-B560-3D88EBDE5384}: NameServer = 203.134.64.66,203.134.65.66
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1

\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program

Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec

Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe


I haven't used my E: in years - seems like a lot of worms were in my "System Volume Information" over there. Anyways, what's next on the list?

#6
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please repost your HJT log in single space format instead of the double space format that it is currently in. It will make its analysis much easier.

To remove the double spacing in your log, please do the following:
  • Please go to Start >> Run... and type notepad.exe
  • Hit OK.
  • Now go to Format and uncheck WordWrap.
  • Close Notepad.

Regards,

Trevuren


#7
fowzee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry about that - here you go (minus the wrapping):

Ewido.txt log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:25:33 AM, 10/6/2005
+ Report-Checksum: 97E95F11

+ Scan result:

HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1\CLSID\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1\CLSID\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\DBi -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-583907252-299502267-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-583907252-299502267-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-583907252-299502267-682003330-1004\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
C:\Documents and Settings\Tony\Cookies\tony@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tony\My Documents\Funny Stuff\beer pic.exe -> Not-A-Virus.Joke.JepRuss : Cleaned with backup
C:\Program Files\Internet Explorer\wojbllbv.exe -> TrojanDownloader.WinShow.z : Cleaned with backup
C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5RS_0001_0808NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\system32\ddcyv.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\jkkjg.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\mllmm.dll -> TrojanDownloader.ConHook.l : Cleaned with backup
C:\WINDOWS\system32\pmnli.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\pmnlj.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\pmnnk.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\wsem302.dll -> TrojanDownloader.Dyfuca.dc : Cleaned with backup
E:\Documents and Settings\Anthony\My Documents\Funny Stuff\beer pic.exe -> Not-A-Virus.Joke.JepRuss : Cleaned with backup
E:\Program Files\KaZaA\TopSearch.dll -> Spyware.TopSearch : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035258.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035259.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035260.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035261.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035262.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035263.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035264.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035265.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035266.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035267.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035268.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035269.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035270.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035271.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035272.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035273.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035274.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035275.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035276.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035277.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035278.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035279.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035280.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035281.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035282.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035283.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035284.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035285.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035286.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035287.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035288.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035289.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035290.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035291.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035292.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035293.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035294.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035295.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035296.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035297.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035298.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035299.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035300.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035301.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035302.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035303.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035304.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035305.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035306.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035307.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035308.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035309.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035310.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035311.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035312.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035313.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035314.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035315.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035316.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035317.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035318.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035319.bat -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035320.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035321.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035322.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035323.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035324.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035325.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035326.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035327.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035328.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035329.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035330.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035331.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035332.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035333.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035334.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035335.scr -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035336.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035337.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035338.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035339.exe -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035340.pif -> Worm.Klez.H : Cleaned with backup
E:\System Volume Information\_restore{95AF7CF2-799E-4256-ACE3-E57B9B504A81}\RP384\A0035341.pif -> Worm.Klez.H : Cleaned with backup
E:\WINDOWS\SYSTEM32\cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
E:\WINDOWS\SYSTEM32\cd_htm.dll -> Spyware.Cydoor : Cleaned with backup
E:\WINDOWS\Temp\Adware\cd_install_291.exe/cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
E:\WINDOWS\Temp\Adware\cd_install_291.exe/cd_htm.dll -> Spyware.Cydoor : Cleaned with backup


::Report End


HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:32:12 AM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*; 172.*; 127.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEABBD5E-9F09-48F9-B560-3D88EBDE5384}: NameServer = 203.134.64.66,203.134.65.66
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#8
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please provide a list of uninstallable programs.

To Provide a List of Installed Programs
  • Run HijackThis.
  • Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
  • Save list to Desktop
  • Copy the Notepad list and Paste it into this thread.

Trevuren

#9
fowzee

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here is the list of uninstallable programs:

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop CS
Adobe Reader 6.0.1
Adobe Reader Japanese Fonts
Adobe SVG Viewer 3.0
AOL Instant Messenger
BitTorrent 3.4.2
CleanUp!
CodeWarrior Development Studio for Windows, v9.2
Creative System Information
CSync
Dell ResourceCD
DirectX 9 Hotfix - KB839643
ewido security suite
HijackThis 1.99.1
ICUII
ICUII 6
Intel® Create & Share® Software
Internet Explorer Q831167
Java 2 Runtime Environment, SE v1.4.2_05
JCreator LE 3.10
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia HomeSite+
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft XML Parser and SDK
MSN Messenger 7.0
NVIDIA Drivers
Outlook Express Q837009
Panda ActiveScan
PuTTY version 0.55
QuickTime
RealPlayer Basic
Sound Blaster Live! 24-bit
Sound Blaster Live! Value
Spybot - Search & Destroy 1.3
Symantec AntiVirus Client
The Australian Resume Writer
USB MassStorage CardReader
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Toolbar (Remove Only)
Winamp (remove only)
Windows Media Player Hotfix [See wm828026 for more information]
Windows NT Messaging
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840374
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
WinFixer 2005 1.1.29.0
WinRAR archiver
WinSCP 3.6.8
WinZip
World of Warcraft

#10
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Try using Add/Remove Programs to remove WinFixer 2005. If they require that you go to their site to uninstall it, forget it and we will remove it manually.

Regards,

Trevuren

#11
fowzee

    New Member

  • Topic Starter
  • Member
  • 6 posts
I removed it from the Add/Remove Programs list but it was only the filename from the list that was removed, not the program itself.

I believe we took care of removing WinFixer from the other steps though. Should I be doing anything else or did you get it all?

Thanks for all the help!

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\Program Files\WinFixer 2005<==Folder
    C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren
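
The last step of post #12 (produce a new log and check it) can be done mechanically by comparing the old and new HijackThis logs against the list of items that were ticked. This is an added example, not part of the thread or of HijackThis; the function names and the "after" log (including its placeholder entry) are constructed, while the "before" lines and fix list are copied from the posts above.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0-R3, F0-F3,
# N1-N4, O1-O23) followed by " - ". Header and process-list lines do not.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Map a normalized (code, detail) key to the original entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # Collapse whitespace and ignore case so pasted logs still match.
            detail = " ".join(match.group(2).split()).casefold()
            entries[(match.group(1), detail)] = line
    return entries


def check_fix(before_log, after_log, fix_list):
    """Compare two logs against the entries that were selected for fixing."""
    before, after, wanted = map(parse_entries, (before_log, after_log, fix_list))

    def pick(keys, source):
        return sorted(source[k] for k in keys)

    return {
        # Selected entries that were in the old log and are gone from the new one.
        "removed": pick((wanted.keys() & before.keys()) - after.keys(), wanted),
        # Selected entries that survived the fix and need another look.
        "still_present": pick(wanted.keys() & after.keys(), after),
        # Selected entries never seen in the old log (e.g. a copy/paste slip).
        "not_in_before": pick(wanted.keys() - before.keys(), wanted),
        # Entries that appeared only after the fix.
        "new_since_before": pick(after.keys() - before.keys(), after),
    }


# Abridged from the 10/6/2005 log posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab
"""

# Constructed "after" log: the Run entry has come back (with different
# spacing and case) and a placeholder entry has appeared.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer 2005]  "C:\Program Files\WinFixer 2005\WFX5.exe" /MIN
O4 - HKCU\..\Run: [ExampleNewEntry] C:\example\placeholder.exe
"""

# The five items ticked in post #12.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: ppctlcab - http://69.44.122.156...er/ppctlcab.cab
"""

if __name__ == "__main__":
    for bucket, lines in check_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An entry under "still_present" usually means the program rewrote its own startup key before the reboot, which is why the thread has the files deleted in Safe Mode as well.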
