PDA

View Full Version : General Chaos



dedek
2006-06-21, 16:16
I am hoping somebody could help me out with my problem. As soon as I start up, about 8 - 12 pop-up's appear with all different kinds of messages. I have run S&D several times and it keeps finding new malware and I keep fixing it without any result. I ran an online analyzer (eTrust) which found the following: (175 infected files!!)

defender23a.exe Win32/Thoog.CJ infected C:\
eied_s7.cab>eied_s7_c_49.exe Win32/SillyDl.FL infected C:\
Trelew.exe Win32/Clspring.EL infected C:\
warebundle.exe Win32/Canbede.M infected C:\
Belt.cab Win32/SillyDl.DE!CAB infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
Belt.cab>Belt.exe Win32/SillyDl.DE infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
Belt.exe Win32/SillyDl.DE infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
bi.cab Win32/BettInet.F!CAB infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
bi.cab>bi.dll Win32/BettInet infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
bi.cab>biprep.exe Win32/BettInet.F infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\
qm9e6f7_.sis SymbOS/Commwarrior.A infected C:\Documents and Settings\Patrick Dekker\Mijn documenten\Mijn afbeeldingen\538\
windowsxpsp2keygen.rar>crack.exe Win32/Thoog.CX infected C:\Documents and Settings\Patrick Dekker.DEKKER\Bureaublad\
zwuul.exe Win32/SillyDl.NM infected C:\Program Files\Common Files\zwuu\
zwuum.exe Win32/Sasla.A infected C:\Program Files\Common Files\zwuu\
mp4v2.exe Win32/SillyDl.AQR infected C:\Program Files\EphPod\
SnowballWars.exe Win32/Clspring.EL infected C:\Program Files\Snowball Wars\
Dc648.exe Win32/BettInet.CG infected C:\RECYCLER\S-1-5-21-2010540632-3783705919-1771393909-1006\
A0007288.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007304.exe Win32/Thoog.CV infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007305.exe Win32/Thoog.CW infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007306.exe Win32/SillyDl.APN infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007308.exe Win32/NetMon.A infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007309.dll Win32/Acee.A infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007310.exe Win32/SillyDl.XA infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007311.exe Win32/SillyDl.YQ infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007312.exe Win32/SillyDl.YQ infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007313.exe Win32/Thoog.CX infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007314.exe Win32/Thoog.CX infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007315.exe Win32/Thoog.CX infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007316.exe Win32/Thoog.CU infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007317.exe Win32/Acee.A infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007324.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007328.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007331.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008327.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008330.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008338.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008342.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008351.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008355.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008360.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008367.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008373.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009374.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009375.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009383.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009386.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0010381.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11\
A0010385.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11\
A0010390.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010396.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010399.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010401.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010407.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010410.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010486.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0010492.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0010497.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0011486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0011488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0012483.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0012486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0013486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0013488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0014485.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15\
A0014488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15\
A0015486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015493.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015499.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015502.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0016496.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0016497.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0016505.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17\
A0016509.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17\
A0016512.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17\
A0017076.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP403\
A0017087.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP405\
A0017110.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP407\
A0017117.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408\
A0017126.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408\
A0017157.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408\
A0017177.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410\
A0017183.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410\
A0017194.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411\
A0017200.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411\
A0017209.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413\
A0017226.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413\
A0018228.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419\
A0018229.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419\
A0018277.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP420\
A0018284.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421\
A0018287.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421\
A0018302.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421\
A0018340.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422\
A0018341.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422\
A0018358.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423\
A0018359.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423\
A0018388.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP424\
A0018392.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425\
A0018398.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425\
A0018420.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426\
A0018421.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426\
A0018429.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427\
A0018436.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427\
A0018453.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP429\
A0018459.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430\
A0018489.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430\
A0018491.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431\
A0018497.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431\
A0018499.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431\
A0018522.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433\
A0018526.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433\
A0019497.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434\
A0019500.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434\
A0019949.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442\
A0019956.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442\
A0019960.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP443\
A0019967.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444\
A0019968.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444\
A0019973.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444\
A0020009.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446\
A0020010.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446\
A0020015.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446\
A0020020.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447\
A0020026.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447\
A0020027.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447\
A0021026.exe



( NEXT THREAD ) -->

dedek
2006-06-21, 16:19
Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP448\
A0021031.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449\
A0021037.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449\
A0021041.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449\
A0021046.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450\
A0021054.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450\
A0021057.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450\
A0021070.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454\
A0021078.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454\
A0022093.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP457\
A0022129.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP461\
A0023132.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP466\
A0023322.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023333.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023363.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023364.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023402.exe Win32/BettInet.F infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
winemx32.dll Win32/SillyDl.ANU infected C:\WINDOWS\SYSTEM32\

--------------------------------------------------------------------------


And then I ran Hijack This and it came up with the following:


Logfile of HijackThis v1.99.1
Scan saved at 14:58:05, on 21-6-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\defender23a.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\zwuu\zwuum.exe
C:\PROGRA~1\ASEMBL~1\lsass.exe
C:\PROGRA~1\COMMON~1\zwuu\zwuua.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\DivXCodec\DivX.exe
C:\Documents and Settings\Patrick Dekker.DEKKER\Application Data\?ystem32\l?ass.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [defender] C:\\defender23a.exe
O4 - HKLM\..\Run: [w00670be.dll] RUNDLL32.EXE w00670be.dll,I2 0014d6a4000670be
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Saat] "C:\PROGRA~1\COMMON~1\RACLE~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Vxg] C:\DOCUME~1\PATRIC~1.DEK\APPLIC~1\YSTEM3~1\SERINI~1.EXE
O4 - HKCU\..\Run: [zwuu] C:\PROGRA~1\COMMON~1\zwuu\zwuum.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Tetr] "C:\PROGRA~1\ASEMBL~1\lsass.exe" -vt yazr
O4 - HKCU\..\Run: [Dzptmvbq] C:\Documents and Settings\Patrick Dekker.DEKKER\Application Data\?ystem32\l?ass.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500USB.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/8e89cba65e10de8470f54e9d6d979172_13.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll C:\WINDOWS\system32\ping.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\e2200cfmef2a0.dll
O20 - Winlogon Notify: winemx32 - C:\WINDOWS\SYSTEM32\winemx32.dll



I am an absolute novice in the world of registry and hijack so I would appreciate any help given to assist me in tackling this problem!

Thanks in advance,

Patrick Dekker
The Netherlands

teacup61
2006-06-25, 00:30
Hello Patrick,

Welcome to Safer Networking Forums :)

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar. Click on it and then click remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and if found, delete this folder:

C:\Program Files\PurityScan[/B

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip).
Unzip it to it’s own folder (c:\BFU)

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do it’s job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.


* Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.* Clean other Temporary files + Recycle bin Go to start > run and type: [b]cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Navigate to your Prefetch folder and empty everything in there. Not the folder itself!

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.


Thanks,
tea

dedek
2006-06-28, 03:51
THANKS FOR THE ADVICE TEACUP!

I have done all the things you mentioned in the post above and still the pop-ups keep herrassing me!

These are the requested log's :

Logfile of HijackThis v1.99.1
Scan saved at 2:44:06, on 28-6-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [w00670be.dll] RUNDLL32.EXE w00670be.dll,I2 0014d6a4000670be
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500USB.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/8e89cba65e10de8470f54e9d6d979172_13.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll C:\WINDOWS\system32\ping.dll C:\WINDOWS\system32\regedit.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azaq0af5ed2.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual PDF Printer (Service1) - Unknown owner - C:\Program Files\Virtual PDF Printer\VirtualPrinting.exe

[B]Log from DrWeb:


cd_clint.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.Cydoor;Incurable.Moved.
Del1.tmp;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
Del2.tmp;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
Installer2.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.BlazeFind;Incurable.Moved.
msbb.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
ncmyb.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
omnigate.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.BlazeFind;Incurable.Moved.
__unin__.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.Altnet;Incurable.Moved.

dedek
2006-06-28, 03:51
ezstub.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp;Adware.Ezula;Incurable.Moved.
msbb.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp;Adware.nCase;Incurable.Moved.
new_net.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp;Adware.NewDotNet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp;Adware.BetterInternet;Incurable.Moved.
qm9e6f7_.sis;C:\Documents and Settings\Patrick Dekker\Mijn documenten\Mijn afbeeldingen\538;Symbian.Commwar;Incurable.Moved.
p2psetup.exe\data001;C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\p2psetup.exe;Adware.PeerNet;
p2psetup.exe;C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine;Archive contains infected objects;Moved.
qm9e6f7_.sis;C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine;Symbian.Commwar;Incurable.Moved.
sdexe.exe;C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp;Adware.ClickSpring;Incurable.Moved.
zwuul.exe;C:\Program Files\Common Files\zwuu;Adware.TargetServer;Incurable.Moved.
zwuum.#xe;C:\Program Files\Common Files\zwuu;Adware.TargetServer;Incurable.Moved.
zwuup.exe;C:\Program Files\Common Files\zwuu;Adware.TargetServer;Incurable.Moved.
zwuuc.dll;C:\Program Files\Common Files\zwuu\zwuud;Adware.TargetServer;Incurable.Moved.
Paint Shop Photo Album [+crack].exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 7;Trojan.Stom;Deleted.
TopSearch.dll;C:\Program Files\KaZaA Lite;Adware.Altnet;Incurable.Moved.
Paint Shop Photo Album [+crack].exe;C:\Program Files\KaZaA Lite\My Shared Folder;Trojan.Stom;Deleted.
casino.exe;C:\Program Files\WindowsSA;Trojan.DownLoader.9894;Deleted.
Dc648.exe;C:\RECYCLER\S-1-5-21-2010540632-3783705919-1771393909-1006;Adware.BetterInternet;Incurable.Moved.
A0007281.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.WebHancer;Incurable.Moved.
A0007288.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0007304.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.10308;Deleted.
A0007305.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.10206;Deleted.
A0007306.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.10320;Incurable.Moved.
A0007308.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DnsChange;Deleted.
A0007309.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Lc;Incurable.Moved.
A0007310.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.TargetServer;Incurable.Moved.
A0007311.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.5013;Deleted.
A0007312.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.5013;Deleted.
A0007313.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007314.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007315.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007316.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007317.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.8290;Deleted.
A0007320.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.WebHancer;Incurable.Moved.
A0007324.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0007328.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0007331.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008327.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008330.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008338.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008342.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008348.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Zesty;Incurable.Moved.
A0008351.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008355.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008360.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008365.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.AddUrl;Incurable.Moved.
A0008367.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008373.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0009374.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0009375.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0009383.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0009386.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0010381.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11;Adware.Look2me;Incurable.Moved.
A0010385.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11;Trojan.DownLoader.9894;Deleted.
A0010390.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010396.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Trojan.DownLoader.9894;Deleted.
A0010399.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010401.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010407.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Trojan.DownLoader.9894;Deleted.
A0010410.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010486.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0010492.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0010495.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.ClickSpring;Incurable.Moved.
A0010497.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0011486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0011488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0012483.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0012486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0013486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0013488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0014485.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15;Trojan.DownLoader.9894;Deleted.
A0014488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15;Adware.Look2me;Incurable.Moved.
A0015486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Trojan.DownLoader.9894;Deleted.
A0015488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0015493.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0015499.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Trojan.DownLoader.9894;Deleted.
A0015502.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0016496.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0016497.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Trojan.DownLoader.9894;Deleted.
A0016505.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016509.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016512.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Trojan.DownLoader.9894;Deleted.
A0016518.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.AddUrl;Incurable.Moved.
A0016520.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Zesty;Incurable.Moved.
A0016527.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016534.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016542.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Trojan.DownLoader.9894;Deleted.
A0016545.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.ClickSpring;Incurable.Moved.
A0016547.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0017537.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.Look2me;Incurable.Moved.
A0017540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Trojan.DownLoader.9894;Deleted.
A0018539.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.ClickSpring;Incurable.Moved.
A0018540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Trojan.DownLoader.9894;Deleted.
A0019537.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.Look2me;Incurable.Moved.
A0019540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.ClickSpring;Incurable.Moved.
A0019541.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Trojan.DownLoader.9894;Deleted.
A0020537.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Trojan.DownLoader.9894;Deleted.
A0020548.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020551.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.ClickSpring;Incurable.Moved.
A0020552.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Trojan.DownLoader.9894;Deleted.

dedek
2006-06-28, 03:52
A0020594.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.MediaTicket;Incurable.Moved.
A0020595.exe\data002;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20\A0020595.exe;Adware.MediaTicket;
A0020595.exe\data003;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20\A0020595.exe;Adware.ClickSpring;
A0020595.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Archive contains infected objects;Moved.
A0020609.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020615.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020617.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Trojan.DownLoader.9894;Deleted.
A0020621.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0020622.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0020625.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0020632.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.DownLoader.9894;Deleted.
A0020634.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0020643.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.Click.1227;Deleted.
A0020644.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0020646.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.Stubby.113;Deleted.
A0020647.exe\data001;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21\A0020647.exe;Adware.PeerNet;
A0020647.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Archive contains infected objects;Moved.
A0021625.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.Click.1152;Deleted.
A0021633.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0021634.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.DownLoader.5289;Deleted.
A0022632.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0023630.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0023636.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023638.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023639.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023640.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.TargetServer;Incurable.Moved.
A0023641.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023642.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023643.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0024631.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0024672.exe\data001;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024672.exe;Adware.PeerNet;
A0024672.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Archive contains infected objects;Moved.
A0024673.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Trojan.Stom;Deleted.
A0024674.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Trojan.Stom;Deleted.
A0024675.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Trojan.DownLoader.9894;Deleted.
A0017076.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP403;Adware.CallingHome;Incurable.Moved.
A0017087.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP405;Adware.CallingHome;Incurable.Moved.
A0017110.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP407;Adware.CallingHome;Incurable.Moved.
A0017117.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408;Adware.CallingHome;Incurable.Moved.
A0017126.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408;Adware.CallingHome;Incurable.Moved.
A0017157.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408;Adware.CallingHome;Incurable.Moved.
A0017177.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410;Adware.CallingHome;Incurable.Moved.
A0017183.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410;Adware.CallingHome;Incurable.Moved.
A0017194.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411;Adware.CallingHome;Incurable.Moved.
A0017200.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411;Adware.CallingHome;Incurable.Moved.
A0017209.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413;Adware.CallingHome;Incurable.Moved.
A0017226.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413;Adware.CallingHome;Incurable.Moved.
A0018228.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419;Adware.CallingHome;Incurable.Moved.
A0018229.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419;Adware.CallingHome;Incurable.Moved.
A0018277.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP420;Adware.CallingHome;Incurable.Moved.
A0018284.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421;Adware.CallingHome;Incurable.Moved.
A0018287.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421;Adware.CallingHome;Incurable.Moved.
A0018302.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421;Adware.CallingHome;Incurable.Moved.
A0018340.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422;Adware.CallingHome;Incurable.Moved.
A0018341.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422;Adware.CallingHome;Incurable.Moved.
A0018358.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423;Adware.CallingHome;Incurable.Moved.
A0018359.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423;Adware.CallingHome;Incurable.Moved.
A0018388.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP424;Adware.CallingHome;Incurable.Moved.
A0018392.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425;Adware.CallingHome;Incurable.Moved.
A0018398.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425;Adware.CallingHome;Incurable.Moved.
A0018420.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426;Adware.CallingHome;Incurable.Moved.
A0018421.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426;Adware.CallingHome;Incurable.Moved.
A0018428.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426;Adware.BetterInternet;Incurable.Moved.
A0018429.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427;Adware.CallingHome;Incurable.Moved.
A0018436.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427;Adware.CallingHome;Incurable.Moved.
A0018453.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP429;Adware.CallingHome;Incurable.Moved.
A0018459.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430;Adware.CallingHome;Incurable.Moved.
A0018489.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430;Adware.CallingHome;Incurable.Moved.
A0018491.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431;Adware.CallingHome;Incurable.Moved.
A0018497.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431;Adware.CallingHome;Incurable.Moved.
A0018499.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431;Adware.BetterInternet;Incurable.Moved.
A0018522.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433;Adware.BetterInternet;Incurable.Moved.
A0018526.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433;Adware.CallingHome;Incurable.Moved.
A0019497.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434;Adware.CallingHome;Incurable.Moved.
A0019500.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434;Adware.BetterInternet;Incurable.Moved.
A0019949.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442;Adware.CallingHome;Incurable.Moved.
A0019956.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442;Adware.CallingHome;Incurable.Moved.
A0019960.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP443;Adware.BetterInternet;Incurable.Moved.
A0019967.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444;Adware.CallingHome;Incurable.Moved.
A0019968.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444;Adware.CallingHome;Incurable.Moved.
A0019973.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444;Adware.BetterInternet;Incurable.Moved.
A0020009.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446;Adware.CallingHome;Incurable.Moved.
A0020010.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446;Adware.CallingHome;Incurable.Moved.
A0020015.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446;Adware.BetterInternet;Incurable.Moved.
A0020020.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447;Adware.CallingHome;Incurable.Moved.
A0020026.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447;Adware.CallingHome;Incurable.Moved.
A0020027.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447;Adware.BetterInternet;Incurable.Moved.
A0021026.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP448;Adware.CallingHome;Incurable.Moved.
A0021031.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449;Adware.BetterInternet;Incurable.Moved.
A0021037.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449;Adware.CallingHome;Incurable.Moved.
A0021041.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449;Adware.CallingHome;Incurable.Moved.
A0021046.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450;Adware.BetterInternet;Incurable.Moved.
A0021054.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450;Adware.CallingHome;Incurable.Moved.
A0021057.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450;Adware.CallingHome;Incurable.Moved.
A0021070.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454;Adware.CallingHome;Incurable.Moved.
A0021078.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454;Adware.CallingHome;Incurable.Moved.
A0022093.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP457;Adware.CallingHome;Incurable.Moved.
A0022129.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP461;Adware.CallingHome;Incurable.Moved.
A0023132.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP466;Adware.CallingHome;Incurable.Moved.
A0023322.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023333.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023363.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023364.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023396.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.SNHelper;Incurable.Moved.
A0023399.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023400.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023401.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023402.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Trojan.Spybi;Deleted.
A0023454.dll;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.SNHelper;Incurable.Moved.
A0023548.dll;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023550.dll;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
aza0273mg.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
dn4401hqe.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
dn6601jse.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
dn8801lue.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
en8ol1l31.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
enlml1311.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
enpsl1771.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
fentext.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
gp80l3lm1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
gpn0l35m1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
i006lads1d06.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
j02q0af5ed2.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
jt2407fqe.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
lsass.#ll;C:\WINDOWS\SYSTEM32;Adware.ClickSpring;Incurable.Moved.
ltl0273mg.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mv02l9do1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mv2ml9f11.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mv84l9lq1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mvj8l91u1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mvn4l95q1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
ping.#ll;C:\WINDOWS\SYSTEM32;Adware.ClickSpring;Incurable.Moved.
q2ps0c77ef.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
q668lgju16o8.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
regedit.#ll;C:\WINDOWS\SYSTEM32;Adware.ClickSpring;Incurable.Moved.
wY2time.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
xYctsrv.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
asappsrv.dll;C:\WINDOWS\UGF0cmljayBIIERla2tlcg;Trojan.Proxy.493;Deleted.

dedek
2006-06-28, 03:53
Any advice on how to beat this?

Hope to hear from you!

Thanks! Patrick

teacup61
2006-06-28, 23:27
Hi Patrick,

We'll beat it, no worries.:)

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)



Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [w00670be.dll] RUNDLL32.EXE w00670be.dll,I2 0014d6a4000670be
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/8e89cba65e10...d979172_13.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll C:\WINDOWS\system32\ping.dll C:\WINDOWS\system32\regedit.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azaq0af5ed2.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Also, delete the following files/folders (if they exist):

w00670be.dll <---search for this one
C:\Program Files\TClock<---this folder
C:\WINDOWS\system32\regedit.dll <---make sure of the exact spelling!
C:\WINDOWS\system32\ping.dll<----same as above
C:\WINDOWS\system32\lsass.dll<---same as above
C:\WINDOWS\system32\azaq0af5ed2.dll

Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


Please post the report from Ewido and a new HijackThis log in your reply. Also let me know how your computer is running now.:)

Thanks,
tea

dedek
2006-07-01, 13:00
HERE WE GO:

EWIDO ->

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:28:58 29-6-2006

+ Scan result:



C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\Del1.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\Del2.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\msbb.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\msbb___0.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ncmyb.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024680.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024681.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024685.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008365.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016518.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\TopSearch.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024683.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024705.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020015.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021031.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_09.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_19.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_29.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_39.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__0.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__1.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__2.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__3.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__4.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__5.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__6.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__7.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__8.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__9.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024687.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024688.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024689.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024690.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024691.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024692.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024693.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024694.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024695.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024696.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024697.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024698.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024699.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024700.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024701.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\bi.cab/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\bi.cab/biprep.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023400.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023401.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023550.dll -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\omnigate.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024682.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\A0023549.dll -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010495.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018539.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019540.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020551.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020622.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023638.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\sdexe.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Οracle\wuauboot.#xe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024676.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024677.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024678.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ezstub.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024684.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\bar.exe -> Adware.IeSearchBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007324.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007328.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008327.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008338.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008351.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008355.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008367.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0009375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0009386.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010381.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010390.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010399.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010401.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010410.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010486.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010492.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0011488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0012483.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0013488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0014488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0015488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0015493.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0015502.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016496.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016505.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016509.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016527.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016534.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016547.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017537.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019537.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020537.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020548.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020609.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020615.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020625.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020634.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020644.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021633.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0022632.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023630.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0024631.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\aza0273mg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\dn4401hqe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\dn6601jse.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\dn8801lue.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\en8ol1l31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\enlml1311.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\enpsl1771.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\fentext.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\gp80l3lm1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\gpn0l35m1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

dedek
2006-07-01, 13:03
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\i006lads1d06.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\j02q0af5ed2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\jt2407fqe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ltl0273mg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mv02l9do1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mv2ml9f11.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mv84l9lq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mvj8l91u1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mvn4l95q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\q2ps0c77ef.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\q668lgju16o8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\wY2time.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\xYctsrv.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024707.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024708.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024709.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024710.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024711.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024712.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024713.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024714.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024715.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024716.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024717.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024718.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024719.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024720.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024721.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024722.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024723.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024724.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024725.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024726.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024727.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024728.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024729.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024731.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024736.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024745.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024753.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP23\A0024773.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP23\A0024788.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP25\A0024925.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP25\A0025002.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025020.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025030.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025059.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0026078.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0026082.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0026088.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\bjackbox.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\oPkley.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[696] C:\WINDOWS\system32\muc42u.dll -> Adware.Look2Me : Error during cleaning.
[812] C:\WINDOWS\system32\muc42u.dll -> Adware.Look2Me : Error during cleaning.

dedek
2006-07-01, 13:04
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\new_net.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024686.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016545.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020621.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023636.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023641.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023642.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023643.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\lsass.#ll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ping.#ll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\regedit.#ll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cliprex_WhenUSave_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025057.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023396.exe -> Adware.ShopNav : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21\A0020639.exe -> Adware.ShopNav : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\A0023394.exe -> Adware.ShopNav : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\A0023395.exe -> Adware.ShopNav : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\zwuuc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024704.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007281.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007320.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp\webhancer.exe/Webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp\webhancer.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp\webhancer.exe/WhSurvey.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp\webhancer.exe/whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp\webhancer.exe/whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\A0007321.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008348.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016520.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007313.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007314.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007315.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007316.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007309.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\eied_s7.cab/eied_s7_c_49.exe -> Downloader.Mediket.bh : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\Belt.cab/Belt.exe -> Downloader.Stubby.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\zwuup.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024703.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023640.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\zwuum.#xe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007310.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\zwuul.exe -> Downloader.TSUpdate.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024702.exe -> Downloader.TSUpdate.p : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\Installer2.exe -> Dropper.Delf.dj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024679.exe -> Dropper.Delf.dj : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023399.exe -> Dropper.Delf.z : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020594.exe -> Dropper.VB.mz : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023548.dll -> Hijacker.Delf.r : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@iqtv.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@metacafe.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@adserver.71i[1].txt -> TrackingCookie.71i : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\Cookies\patrick dekker@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@casinodelrio[2].txt -> TrackingCookie.Casinodelrio : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.

dedek
2006-07-01, 13:05
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\Cookies\patrick dekker@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@e-2dj6wflocjc5ibp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@e-2dj6wjlyegazohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@e-2dj6wjnychczoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@e-2dj6wjnyeodjkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@creatives.internetfuel[2].txt -> TrackingCookie.Internetfuel : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\Cookies\patrick dekker@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\Cookies\patrick dekker@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@vegasred[1].txt -> TrackingCookie.Vegasred : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@x10[1].txt -> TrackingCookie.X10 : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Cookies\patrick dekker@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp\Cookies\patrick dekker@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Patrick Dekker\Cookies\patrick dekker@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017157.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017177.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017183.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017194.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017200.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017209.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017226.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018228.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018229.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018277.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018284.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018287.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018302.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018340.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018341.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018358.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018359.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018388.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018392.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018398.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018420.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018421.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018429.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018436.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018453.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018459.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018489.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018491.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018497.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018526.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019497.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019949.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019956.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019967.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019968.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020009.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020010.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020020.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020026.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021026.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021037.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021041.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021054.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021057.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021070.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021078.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0022093.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0022129.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023132.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023322.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023333.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023363.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023364.exe -> Trojan.Agent.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020595.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\qm9e6f70.sis -> Worm.Comwar.a : Cleaned with backup (quarantined).


::Report end

dedek
2006-07-01, 13:10
Logfile of HijackThis v1.99.1
Scan saved at 13:04:31, on 29-6-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500USB.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\fp0203doe.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual PDF Printer (Service1) - Unknown owner - C:\Program Files\Virtual PDF Printer\VirtualPrinting.exe


THE POP UP'S KEEP ON COMING!

I feel like I'm taking crazy pills! :laugh:

I am thinking that it might be better to format the computer and start all over again. I don't think I will be able to beat this..

When I make a backup of all my files will they be infected as well?

Let me know if there is still any hope left..

Thanks in advance!

Patrick

teacup61
2006-07-01, 16:07
Hello,

No quitting allowed here!:laugh: We're not done yet.;)

Please download Look2Me-Destroyer.exe to your desktop. http://www.atribune.org/ccount/click.php?id=7

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis! log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Thanka,
tea

tashi
2006-07-11, 01:09
Still with us dedek?

tashi
2006-07-13, 00:19
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.