Hey, my IE browser is redirecting to prosearching.com. I have looked at all the other similar issues but I don't have the files to check in Hijack this log thingo..
So here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:19:55 PM, on 1/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\mvirwwrx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\mvirwwrx.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] c:\\newname2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\aqlui.dll (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hi, run HJT again, and check these.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\mvirwwrx.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [csr] csrrs.exe

O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe

O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe

O4 - HKLM\..\Run: [newname] c:\\newname2.exe

O4 - HKLM\..\RunServices: [csr] csrrs.exe

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.i-lookup.com

O15 - Trusted Zone: *.offshoreclicks.com

O15 - Trusted Zone: *.teensguru.com

O15 - Trusted Zone: *.xxxtoolbar.com

O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\aqlui.dll (file missing)

Click Fix Checked

Then, boot into safe mode and delete these files - getting into safe mode - http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Delete these files.

C:\Program Files\winupdates\winupdates.exe

C:\System32\csrrs.exe

C:\keyboard2.exe

C:\mousepad2.exe

c:\\newname2.exe

Empty Recycle bin

Reboot, and post a new log.

Looks good, got rid of it. Now I gotta get rid of my trojans :)

Logfile of HijackThis v1.99.1
Scan saved at 6:43:25 AM, on 2/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
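
Comparing the two HijackThis logs above entry by entry confirms which of the checked items are actually gone and whether any flagged autorun is still a running process. This is an added example, not part of the original thread: the function names are hypothetical, and the embedded logs are shortened excerpts of the ones posted above.

```python
import ntpath
import re

# A result line is "<section code> - <body>", e.g. "O15 - Trusted Zone: *.flingstone.com".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 autorun bodies have the shape "<hive>: [value name] command line".
AUTORUN_RE = re.compile(r"^.*?: \[[^\]]*\] (.+)$")


def parse_log(log_text):
    """Return (entries, processes): result lines as (code, body) tuples and
    the lower-cased paths listed under 'Running processes:'."""
    entries, processes, in_procs = set(), set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.add(line.lower())
        elif not line:
            in_procs = False  # a blank line ends the process list
    return entries, processes


def is_running(command, processes):
    """True if an autorun command line refers to one of the running processes."""
    cmd = command.lower().strip('"')
    tokens = cmd.split()
    if not tokens:
        return False
    for proc in processes:
        if proc in cmd:  # full path appears in the command line
            return True
        # Bare file names such as "csrrs.exe" are matched on the base name only.
        if "\\" not in tokens[0] and ntpath.basename(proc) == tokens[0]:
            return True
    return False


def verify_fix(before_log, after_log, flagged_lines):
    """Compare two logs against the entries the helper asked to have fixed."""
    before, _ = parse_log(before_log)
    after, after_procs = parse_log(after_log)
    flagged, _ = parse_log("\n".join(flagged_lines))
    still_running = []
    for code, body in sorted(flagged):
        m = AUTORUN_RE.match(body) if code == "O4" else None
        if m and is_running(m.group(1), after_procs):
            still_running.append((code, body))
    return {
        "removed": sorted(flagged & (before - after)),
        "still_present": sorted(flagged & after),
        "still_running": still_running,
        "new_entries": sorted(after - before),
    }


# Shortened excerpts of the two logs in this thread (not the complete logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\mvirwwrx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\mvirwwrx.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O15 - Trusted Zone: *.flingstone.com
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\aqlui.dll (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
"""

# A subset of the entries the helper asked to have checked.
FLAGGED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com",
    r"O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe",
    r"O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\mvirwwrx.exe",
    r"O4 - HKLM\..\Run: [csr] csrrs.exe",
    r"O15 - Trusted Zone: *.flingstone.com",
    r"O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\aqlui.dll (file missing)",
]

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries that appear only in the later log are listed under `new_entries`, which is where a reinfection between scans would show up.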

Ok, we will have some programs do some clean up :).

Download the Free trial version of Spysweeper

http://www.webroot.com/consumer/pro...&rc=4129&ac=tsg

Update the definitions and run it, let it remove whatever it finds.

Then download ewido

www.ewido.net - Install. Update. Scan. Remove anything it finds.

Post the ewido and the Spysweeper log, and a new HJT log

I'm running ewido now. Found a few trojans and such, mainly tracking cookies. Thanks for your help.

-Activate

Here is the ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           9:32:20 AM, 2/04/2006
+ Report-Checksum:      32696825


+ Scan result:


:mozilla.8:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temp\nsc5E1.tmp -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temp\temp.frA4CC\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temporary Internet Files\Content.IE5\0P4ZOJ0R\mulbin1[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temporary Internet Files\Content.IE5\0P4ZOJ0R\wizp32[1].exe -> Downloader.IstBar.eq : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temporary Internet Files\Content.IE5\1VVBHDC6\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\SaNdRa\Application Data\Ѕуmantec\msconfig.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\SaNdRa\Local Settings\Temp\!update.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\SaNdRa\Local Settings\Temporary Internet Files\Content.IE5\8DE7KTI7\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\SaNdRa\Local Settings\Temporary Internet Files\Content.IE5\KNFRQC5P\!update-3595[1].0000 -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\SaNdRa\My Documents\sуstem32\iexplore.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@217.73.66[2].txt -> TrackingCookie.217.73.66.16 : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP1\A0000206.EXE -> Not-A-Virus.NetTool.Win32.PsKill : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP115\A0028681.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP115\A0028687.exe -> Downloader.VB.na : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP54\A0009035.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP54\A0009037.exe -> Trojan.Dialer.u : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP57\A0009291.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP58\A0009482.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009670.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009833.exe -> Downloader.Zlob.ht : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009835.exe -> Downloader.Zlob.ht : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009842.exe -> Dropper.Agent.aiq : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009844.dll -> Not-A-Virus.Hoax.Win32.Renos.bo : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP61\A0010031.exe -> Downloader.Small.ayl : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP61\A0010040.exe -> Downloader.Small.ayl : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP61\A0010041.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP62\A0010119.dll -> Hijacker.Small.kb : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP63\A0010175.exe -> Downloader.PurityScan.bu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP63\A0010176.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP63\A0010177.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP64\A0011233.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP65\A0012280.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP65\A0012305.exe -> Downloader.Zlob.hr : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP65\A0012306.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP65\A0012307.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP65\A0012318.dll -> Downloader.IstBar.eq : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP68\A0012539.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP68\A0012542.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP68\A0012543.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP68\A0012547.exe -> Worm.VB.an : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP68\A0012602.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP68\A0012605.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP69\A0012635.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP69\A0012646.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP69\A0012686.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP69\A0012717.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP69\A0012770.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012801.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012806.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012829.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012844.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012853.exe -> Downloader.PurityScan.bu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012881.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0012882.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0013048.exe -> Worm.VB.an : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0013049.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP70\A0013050.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013074.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013075.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013076.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013077.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013078.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013079.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013080.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013081.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013082.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013083.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013084.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013085.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013086.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013087.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013088.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013089.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013090.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013091.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013092.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013093.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013094.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013095.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013096.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013097.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013098.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013099.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013100.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013101.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013102.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013103.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013104.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013105.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013106.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013107.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013108.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013109.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013110.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013111.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013112.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013113.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013114.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013115.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013116.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013117.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013118.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013119.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013120.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013121.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013122.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013123.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013124.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013125.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013126.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013127.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013128.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013129.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013130.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013131.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013132.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013133.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013134.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013135.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013136.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013137.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013138.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013139.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013140.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013141.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013142.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013143.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013144.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013145.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013146.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013147.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013148.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013149.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013150.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013151.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013152.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013153.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013154.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013155.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013156.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013157.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013158.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013159.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013160.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013161.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013162.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013163.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013164.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013165.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013166.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013167.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013168.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013169.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013170.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013171.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013172.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013173.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013174.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013175.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013176.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013177.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013178.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013179.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013180.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013181.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013182.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013183.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013184.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013185.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013186.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013187.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013188.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013189.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013190.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013191.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013192.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013193.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013194.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013195.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013196.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013197.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013198.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013199.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013200.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013201.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013202.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013203.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013204.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013205.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013206.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013207.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013208.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013209.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013210.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013211.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013212.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013213.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013214.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013215.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013216.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013217.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013218.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013219.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013220.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013221.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013222.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013223.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013224.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013225.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013226.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013227.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013228.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013229.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013230.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013231.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013232.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013233.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013234.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013235.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013236.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013237.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013238.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013239.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013240.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013241.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013242.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013243.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013244.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013245.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013246.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013247.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013248.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013249.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013250.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013251.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013252.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013253.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013254.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013255.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013256.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013257.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013258.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013259.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013260.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013261.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013262.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013263.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013264.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013265.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013266.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013267.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013268.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013269.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013270.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013271.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013272.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013273.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013274.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013275.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013276.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013277.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013278.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013279.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013280.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013281.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013282.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013283.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013284.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013285.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013286.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013287.exe -> Dropper.VB.lu : Cleaned with backup

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:31 AM, on 2/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

A little clean up.

Run HJT again, and check the following.


O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)


O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazz....cab?refid=1123

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Click Fix Checked.

Reboot, and post hopefully the last log :).
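
One way to confirm that the "Fix Checked" step above took effect, as an added example that is not part of the original thread: parse the HijackThis entries and compare the checked list against the post-reboot log, matching on section code plus CLSID because the forum shortened the DPF URL. `BEFORE` and `CHECKED` are excerpts of the logs posted here; `AFTER_CLEAN`, `AFTER_PARTIAL` and all function names are constructed for illustration.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O16 - DPF: {...} - <url>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return (code, details) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(code, details):
    """Identity used for matching: section code plus CLSID when there is one.

    Forum software shortens long URLs ("Yazz....cab"), so the text after the
    CLSID cannot be trusted to match the log byte for byte.
    """
    guid = GUID_RE.search(details)
    return (code, guid.group(0).lower() if guid else details.strip().lower())


def still_present(checked_text, after_log):
    """Entries on the fix list that the post-reboot log still contains."""
    remaining = {entry_key(c, d) for c, d in parse_entries(after_log)}
    return [(c, d) for c, d in parse_entries(checked_text) if entry_key(c, d) in remaining]


def removed_between(before_log, after_log):
    """Entries in the earlier log with no counterpart in the later one."""
    remaining = {entry_key(c, d) for c, d in parse_entries(after_log)}
    return [(c, d) for c, d in parse_entries(before_log) if entry_key(c, d) not in remaining]


def file_missing(log_text):
    """Entries whose target HijackThis reported as "(file missing)"."""
    return [(c, d) for c, d in parse_entries(log_text) if d.rstrip().endswith("(file missing)")]


# Excerpt of the log posted before the fix (lines taken from this thread).
BEFORE = r"""
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Three of the entries the helper asked to check, copied as the forum displays them
# (note the shortened URL on the O16 line).
CHECKED = r"""
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazz....cab?refid=1123
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Constructed post-reboot excerpt in which every checked entry is gone.
AFTER_CLEAN = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed failure case: the DPF entry is back after the reboot.
AFTER_PARTIAL = AFTER_CLEAN + r"""
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
"""

if __name__ == "__main__":
    for label, log in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        leftovers = still_present(CHECKED, log)
        print(label, "-> fix list entries still present:", [c for c, _ in leftovers])
    print("removed:", [c for c, _ in removed_between(BEFORE, AFTER_CLEAN)])
    print("file missing, not on fix list:", file_missing(AFTER_CLEAN))
```

An entry that reappears after a reboot, as in `AFTER_PARTIAL`, usually means something still running is rewriting it, so the remaining autostart entries deserve another look before the machine is called clean.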

There We Go:

Logfile of HijackThis v1.99.1
Scan saved at 9:58:57 AM, on 2/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Congrats! That's a clean log :).

Good job.

Thanks for all your help with this bullshit.
Anyways, do you know any programs that can prevent all this gay spyware adware bullshit things?
I have Ad-Aware SE, Norton, and umm CCleaner and ewido.

Well, ewido is great. Run CCleaner every once in a while. You don't really need Norton; in my opinion you're just paying for something that another program could do for free, and better (AVG Free). Ad-Aware is good too.

Keep running ewido, and ad-aware, and AVG (if you download it) and you should be good to go.

Just make sure you keep them updated.

kk, got the AVG thing.
Thanks heaps for all your help.
-Activate

You're welcome. Glad everything is back to normal :).
