0

Hey, my IE browser is redirecting to prosearching.com. I have looked at all the other similar issues but I don't have the files to check in the HijackThis log thingo.
So here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:19:55 PM, on 1/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\mvirwwrx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\mvirwwrx.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] c:\\newname2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\aqlui.dll (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2 Contributors, 13 Replies, 14 Views, 11 Years Discussion Span, Last Post by tayspen
0

Hi, run HJT again, and check these.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\mvirwwrx.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [csr] csrrs.exe

O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe

O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe

O4 - HKLM\..\Run: [newname] c:\\newname2.exe

O4 - HKLM\..\RunServices: [csr] csrrs.exe

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.i-lookup.com

O15 - Trusted Zone: *.offshoreclicks.com

O15 - Trusted Zone: *.teensguru.com

O15 - Trusted Zone: *.xxxtoolbar.com

O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\aqlui.dll (file missing)

Click Fix Checked

Then, boot into safe mode and delete these files - getting into safe mode - http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Delete these files.

C:\Program Files\winupdates\winupdates.exe

C:\System32\csrrs.exe

C:\keyboard2.exe

C:\mousepad2.exe

c:\\newname2.exe

Empty Recycle bin

Reboot, and post a new log.

0

Looks good, got rid of it. Now I gotta get rid of my trojans :)

Logfile of HijackThis v1.99.1
Scan saved at 6:43:25 AM, on 2/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

0

Ok, we will have some programs do some clean up :).

Download the Free trial version of Spysweeper

http://www.webroot.com/consumer/pro...&rc=4129&ac=tsg

Update the definitions and run it, let it remove whatever it finds.

Then download ewido

www.ewido.net - Install. Update. Scan. Remove anything it finds.

Post the ewido and the Spysweeper log, and a new HJT log

0

I'm running ewido now. Found a few trojans and such, mainly tracking cookies. Thanks for your help.

-Activate

0

Here is the ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           9:32:20 AM, 2/04/2006
+ Report-Checksum:      32696825


+ Scan result:


:mozilla.8:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Matty\Application Data\Mozilla\Firefox\Profiles\8gg72mgn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Matty\Cookies\matty@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temp\nsc5E1.tmp -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temp\temp.frA4CC\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temporary Internet Files\Content.IE5\0P4ZOJ0R\mulbin1[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temporary Internet Files\Content.IE5\0P4ZOJ0R\wizp32[1].exe -> Downloader.IstBar.eq : Cleaned with backup
C:\Documents and Settings\Matty\Local Settings\Temporary Internet Files\Content.IE5\1VVBHDC6\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\SaNdRa\Application Data\Ѕуmantec\msconfig.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\SaNdRa\Cookies\sandra@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\SaNdRa\Local Settings\Temp\!update.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\SaNdRa\Local Settings\Temporary Internet Files\Content.IE5\8DE7KTI7\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\SaNdRa\Local Settings\Temporary Internet Files\Content.IE5\KNFRQC5P\!update-3595[1].0000 -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\SaNdRa\My Documents\sуstem32\iexplore.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@217.73.66[2].txt -> TrackingCookie.217.73.66.16 : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Vitor\Cookies\vitor@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP1\A0000206.EXE -> Not-A-Virus.NetTool.Win32.PsKill : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP115\A0028681.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP115\A0028687.exe -> Downloader.VB.na : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP54\A0009035.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP54\A0009037.exe -> Trojan.Dialer.u : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP57\A0009291.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP58\A0009482.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009670.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009833.exe -> Downloader.Zlob.ht : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009835.exe -> Downloader.Zlob.ht : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009842.exe -> Dropper.Agent.aiq : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP59\A0009844.dll -> Not-A-Virus.Hoax.Win32.Renos.bo : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP61\A0010031.exe -> Downloader.Small.ayl : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP61\A0010040.exe -> Downloader.Small.ayl : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP61\A0010041.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP62\A0010119.dll -> Hijacker.Small.kb : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP63\A0010175.exe -> Downloader.PurityScan.bu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP63\A0010176.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP63\A0010177.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013319.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013320.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013321.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013322.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013323.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013324.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013325.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013326.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013327.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013328.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013329.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013330.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013331.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013332.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013333.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013334.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013335.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013336.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013337.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013338.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013339.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013340.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013341.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013342.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013343.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013344.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013345.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013346.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013347.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013348.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013349.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013350.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013351.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013352.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013353.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013354.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013355.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013356.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013357.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013358.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013359.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013360.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013361.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013362.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013363.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013364.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013365.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013366.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013367.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013368.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013369.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013370.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013371.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013372.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013373.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013374.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013375.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013376.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013377.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013378.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013379.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013380.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013381.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013382.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013383.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013384.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013385.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013386.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013387.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013388.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013389.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013390.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013391.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013392.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013393.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013394.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013395.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013396.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013397.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013398.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013399.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013400.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013401.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013402.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013403.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013404.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013405.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013406.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013407.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013408.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013409.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013410.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013411.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013412.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013413.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013414.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013415.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013416.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013417.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013418.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013419.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013420.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013421.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013422.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013423.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013424.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013425.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013426.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013427.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013428.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013429.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013430.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013431.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013432.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013433.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013434.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013435.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013436.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013437.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013438.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013439.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013440.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013441.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013442.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013443.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013444.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013445.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013446.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013447.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013448.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013449.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013450.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013451.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013452.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013453.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013454.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013455.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013456.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013457.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013458.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013459.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013460.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013461.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013462.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013463.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013464.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013465.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013466.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013467.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013468.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013469.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013470.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013471.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013472.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013473.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013474.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013475.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013476.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013477.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013478.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013479.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013480.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013481.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013482.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013483.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013484.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013485.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013486.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013487.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013488.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013489.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013490.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013491.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013492.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013493.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013494.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013495.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013496.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013497.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013498.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013499.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013500.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013501.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013502.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013503.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013504.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013505.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013506.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013507.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013508.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013509.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013510.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013511.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013512.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013513.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013514.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013515.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013516.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013517.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013518.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013519.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013520.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013521.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013522.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013523.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013524.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013525.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013526.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{96A6280C-A070-436A-8804-30EDD1303A65}\RP71\A0013527.exe -> Dropper.VB.lu : Cleaned with backup

Edited by pritaeas: Fixed formatting

0

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:31 AM, on 2/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

0

A little clean up.

Run HJT again, and check the following.


O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)


O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazz....cab?refid=1123

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Click Fix Checked.

Reboot, and post hopefully the last log :).
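
The triage in the reply above, as an added example that is not part of the original posts: a small Python parser that pulls the numbered entries out of a HijackThis log, lists the ones marked `(file missing)` as candidates for review, and compares a scan taken before "Fix checked" with one taken after the reboot. The function names are hypothetical, `BEFORE` is an excerpt of lines from the logs in this thread, and `AFTER` is constructed for the example (its last line is made up to show how a new autorun would surface).

```python
import re
from typing import NamedTuple

# HijackThis item lines look like "O4 - HKLM\..\Run: [name] path".
# Header lines and the running-process paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str       # section code such as F2, O3, O4, O20, O23
    body: str       # everything after "CODE - "
    orphaned: bool  # True when HijackThis reported the target file as missing


def parse_entries(log_text):
    """Return the numbered entries of a HijackThis log, in file order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # skip headers, process list, blank lines
        body = m.group("body").strip()
        entries.append(Entry(m.group("code"), body, body.endswith(MISSING)))
    return entries


def compare_scans(before_text, after_text):
    """Diff two scans: what the fix removed, what is still orphaned, what is new."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "remaining_orphans": [e for e in after if e.orphaned],
        "new": [e for e in after if e not in before_set],
    }


# Excerpt of entries copied from the logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Constructed follow-up scan; the final O4 line is invented for illustration.
AFTER = r"""
Logfile of HijackThis v1.99.1

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O4 - HKLM\..\Run: [ExampleNew] C:\Example\new.exe
"""

if __name__ == "__main__":
    result = compare_scans(BEFORE, AFTER)
    for label, items in result.items():
        print(label)
        for e in items:
            print(f"  {e.code} - {e.body}")
```

The `(file missing)` filter only produces candidates: the reply above also checked an O16 entry that this filter does not cover and left some `(file missing)` entries alone, so the final selection remains a reviewer's decision.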

0

There We Go:

Logfile of HijackThis v1.99.1
Scan saved at 9:58:57 AM, on 2/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Matty\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winabi32 - C:\WINDOWS\SYSTEM32\winabi32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

0

Thanks for all your help with this bullshit.
Anyways, do you know any programs that can prevent all this gay spyware adware bullshit things?
I have Ad-Aware SE, Norton and umm CCleaner and ewido.

0

Well, ewido is great. Run CCleaner every once in a while. You don't really need Norton; in my opinion you're just paying for something that another program could do for free, and better (AVG Free). Ad-Aware is good too.

Keep running ewido, and ad-aware, and AVG (if you download it) and you should be good to go.

Just make sure you keep them updated.
