General Chaos

**dedek** · 2006-06-21, 15:16

I am hoping somebody could help me out with my problem. As soon as I start up, about 8 - 12 pop-up's appear with all different kinds of messages. I have run S&D several times and it keeps finding new malware and I keep fixing it without any result. I ran an online analyzer (eTrust) which found the following: (175 infected files!!)

defender23a.exe Win32/Thoog.CJ infected C:\
eied_s7.cab>eied_s7_c_49.exe Win32/SillyDl.FL infected C:\
Trelew.exe Win32/Clspring.EL infected C:\
warebundle.exe Win32/Canbede.M infected C:\
Belt.cab Win32/SillyDl.DE!CAB infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
Belt.cab>Belt.exe Win32/SillyDl.DE infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
Belt.exe Win32/SillyDl.DE infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
bi.cab Win32/BettInet.F!CAB infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
bi.cab>bi.dll Win32/BettInet infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
bi.cab>biprep.exe Win32/BettInet.F infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\
ceres.cab>ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\
ceres.dll Win32/BettInet.CF infected C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\
qm9e6f7_.sis SymbOS/Commwarrior.A infected C:\Documents and Settings\Patrick Dekker\Mijn documenten\Mijn afbeeldingen\538\
windowsxpsp2keygen.rar>crack.exe Win32/Thoog.CX infected C:\Documents and Settings\Patrick Dekker.DEKKER\Bureaublad\
zwuul.exe Win32/SillyDl.NM infected C:\Program Files\Common Files\zwuu\
zwuum.exe Win32/Sasla.A infected C:\Program Files\Common Files\zwuu\
mp4v2.exe Win32/SillyDl.AQR infected C:\Program Files\EphPod\
SnowballWars.exe Win32/Clspring.EL infected C:\Program Files\Snowball Wars\
Dc648.exe Win32/BettInet.CG infected C:\RECYCLER\S-1-5-21-2010540632-3783705919-1771393909-1006\
A0007288.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007304.exe Win32/Thoog.CV infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007305.exe Win32/Thoog.CW infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007306.exe Win32/SillyDl.APN infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007308.exe Win32/NetMon.A infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007309.dll Win32/Acee.A infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007310.exe Win32/SillyDl.XA infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007311.exe Win32/SillyDl.YQ infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007312.exe Win32/SillyDl.YQ infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007313.exe Win32/Thoog.CX infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007314.exe Win32/Thoog.CX infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007315.exe Win32/Thoog.CX infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007316.exe Win32/Thoog.CU infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007317.exe Win32/Acee.A infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007324.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007328.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0007331.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008327.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008330.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008338.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008342.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008351.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008355.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008360.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008367.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0008373.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009374.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009375.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009383.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0009386.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10\
A0010381.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11\
A0010385.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11\
A0010390.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010396.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010399.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010401.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010407.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010410.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12\
A0010486.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0010492.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0010497.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0011486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0011488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0012483.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0012486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0013486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0013488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14\
A0014485.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15\
A0014488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15\
A0015486.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015488.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015493.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015499.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0015502.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0016496.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0016497.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16\
A0016505.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17\
A0016509.dll Win32/Canbede infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17\
A0016512.exe Win32/SillyDl.AQR infected C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17\
A0017076.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP403\
A0017087.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP405\
A0017110.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP407\
A0017117.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408\
A0017126.exe Win32/BettInet.BL infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408\
A0017157.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408\
A0017177.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410\
A0017183.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410\
A0017194.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411\
A0017200.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411\
A0017209.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413\
A0017226.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413\
A0018228.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419\
A0018229.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419\
A0018277.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP420\
A0018284.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421\
A0018287.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421\
A0018302.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421\
A0018340.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422\
A0018341.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422\
A0018358.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423\
A0018359.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423\
A0018388.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP424\
A0018392.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425\
A0018398.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425\
A0018420.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426\
A0018421.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426\
A0018429.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427\
A0018436.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427\
A0018453.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP429\
A0018459.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430\
A0018489.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430\
A0018491.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431\
A0018497.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431\
A0018499.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431\
A0018522.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433\
A0018526.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433\
A0019497.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434\
A0019500.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434\
A0019949.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442\
A0019956.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442\
A0019960.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP443\
A0019967.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444\
A0019968.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444\
A0019973.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444\
A0020009.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446\
A0020010.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446\
A0020015.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446\
A0020020.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447\
A0020026.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447\
A0020027.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447\
A0021026.exe

( NEXT THREAD ) -->

**dedek** · 2006-06-21, 15:19

Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP448\
A0021031.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449\
A0021037.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449\
A0021041.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449\
A0021046.exe Win32/BettInet.CG infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450\
A0021054.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450\
A0021057.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450\
A0021070.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454\
A0021078.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454\
A0022093.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP457\
A0022129.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP461\
A0023132.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP466\
A0023322.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023333.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023363.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023364.exe Win32/BettInet.CI infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
A0023402.exe Win32/BettInet.F infected C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\
winemx32.dll Win32/SillyDl.ANU infected C:\WINDOWS\SYSTEM32\

--------------------------------------------------------------------------

And then I ran Hijack This and it came up with the following:

Logfile of HijackThis v1.99.1
Scan saved at 14:58:05, on 21-6-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\defender23a.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\zwuu\zwuum.exe
C:\PROGRA~1\ASEMBL~1\lsass.exe
C:\PROGRA~1\COMMON~1\zwuu\zwuua.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\DivXCodec\DivX.exe
C:\Documents and Settings\Patrick Dekker.DEKKER\Application Data\?ystem32\l?ass.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [defender] C:\\defender23a.exe
O4 - HKLM\..\Run: [w00670be.dll] RUNDLL32.EXE w00670be.dll,I2 0014d6a4000670be
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Saat] "C:\PROGRA~1\COMMON~1\RACLE~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Vxg] C:\DOCUME~1\PATRIC~1.DEK\APPLIC~1\YSTEM3~1\SERINI~1.EXE
O4 - HKCU\..\Run: [zwuu] C:\PROGRA~1\COMMON~1\zwuu\zwuum.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Tetr] "C:\PROGRA~1\ASEMBL~1\lsass.exe" -vt yazr
O4 - HKCU\..\Run: [Dzptmvbq] C:\Documents and Settings\Patrick Dekker.DEKKER\Application Data\?ystem32\l?ass.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500USB.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/8e89cba65e10...d979172_13.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll C:\WINDOWS\system32\ping.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\e2200cfmef2a0.dll
O20 - Winlogon Notify: winemx32 - C:\WINDOWS\SYSTEM32\winemx32.dll

I am an absolute novice in the world of registry and hijack so I would appreciate any help given to assist me in tackling this problem!

Thanks in advance,

Patrick Dekker
The Netherlands

**teacup61** · 2006-06-24, 23:30

Hello Patrick,

Welcome to Safer Networking Forums

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar. Click on it and then click remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and if found, delete this folder:

C:\Program Files\[B]PurityScan[/B

Please download Brute Force Uninstaller.
Unzip it to it’s own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do it’s job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

* Clean your Cache and Cookies in IE:

Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Navigate to your Prefetch folder and empty everything in there. Not the folder itself!

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.

Thanks,
tea

**dedek** · 2006-06-28, 02:51

THANKS FOR THE ADVICE TEACUP!

I have done all the things you mentioned in the post above and still the pop-ups keep herrassing me!

These are the requested log's :

Logfile of HijackThis v1.99.1
Scan saved at 2:44:06, on 28-6-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [w00670be.dll] RUNDLL32.EXE w00670be.dll,I2 0014d6a4000670be
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500USB.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/8e89cba65e10...d979172_13.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll C:\WINDOWS\system32\ping.dll C:\WINDOWS\system32\regedit.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azaq0af5ed2.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual PDF Printer (Service1) - Unknown owner - C:\Program Files\Virtual PDF Printer\VirtualPrinting.exe

Log from DrWeb:

cd_clint.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.Cydoor;Incurable.Moved.
Del1.tmp;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
Del2.tmp;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
Installer2.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.BlazeFind;Incurable.Moved.
msbb.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
ncmyb.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.nCase;Incurable.Moved.
omnigate.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.BlazeFind;Incurable.Moved.
__unin__.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp;Adware.Altnet;Incurable.Moved.

**dedek** · 2006-06-28, 02:51

ezstub.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp;Adware.Ezula;Incurable.Moved.
msbb.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp;Adware.nCase;Incurable.Moved.
new_net.exe;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\nsp9EE.tmp;Adware.NewDotNet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp;Adware.BetterInternet;Incurable.Moved.
ceres.dll;C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp;Adware.BetterInternet;Incurable.Moved.
qm9e6f7_.sis;C:\Documents and Settings\Patrick Dekker\Mijn documenten\Mijn afbeeldingen\538;Symbian.Commwar;Incurable.Moved.
p2psetup.exe\data001;C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\p2psetup.exe;Adware.PeerNet;
p2psetup.exe;C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine;Archive contains infected objects;Moved.
qm9e6f7_.sis;C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine;Symbian.Commwar;Incurable.Moved.
sdexe.exe;C:\Documents and Settings\Patrick Dekker.DEKKER\Local Settings\Temp;Adware.ClickSpring;Incurable.Moved.
zwuul.exe;C:\Program Files\Common Files\zwuu;Adware.TargetServer;Incurable.Moved.
zwuum.#xe;C:\Program Files\Common Files\zwuu;Adware.TargetServer;Incurable.Moved.
zwuup.exe;C:\Program Files\Common Files\zwuu;Adware.TargetServer;Incurable.Moved.
zwuuc.dll;C:\Program Files\Common Files\zwuu\zwuud;Adware.TargetServer;Incurable.Moved.
Paint Shop Photo Album [+crack].exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 7;Trojan.Stom;Deleted.
TopSearch.dll;C:\Program Files\KaZaA Lite;Adware.Altnet;Incurable.Moved.
Paint Shop Photo Album [+crack].exe;C:\Program Files\KaZaA Lite\My Shared Folder;Trojan.Stom;Deleted.
casino.exe;C:\Program Files\WindowsSA;Trojan.DownLoader.9894;Deleted.
Dc648.exe;C:\RECYCLER\S-1-5-21-2010540632-3783705919-1771393909-1006;Adware.BetterInternet;Incurable.Moved.
A0007281.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.WebHancer;Incurable.Moved.
A0007288.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0007304.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.10308;Deleted.
A0007305.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.10206;Deleted.
A0007306.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.10320;Incurable.Moved.
A0007308.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DnsChange;Deleted.
A0007309.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Lc;Incurable.Moved.
A0007310.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.TargetServer;Incurable.Moved.
A0007311.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.5013;Deleted.
A0007312.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.5013;Deleted.
A0007313.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007314.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007315.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007316.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.DollarRevenue;Incurable.Moved.
A0007317.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.8290;Deleted.
A0007320.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.WebHancer;Incurable.Moved.
A0007324.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0007328.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0007331.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008327.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008330.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008338.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008342.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008348.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Zesty;Incurable.Moved.
A0008351.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008355.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008360.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0008365.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.AddUrl;Incurable.Moved.
A0008367.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0008373.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0009374.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0009375.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0009383.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Trojan.DownLoader.9894;Deleted.
A0009386.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP10;Adware.Look2me;Incurable.Moved.
A0010381.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11;Adware.Look2me;Incurable.Moved.
A0010385.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP11;Trojan.DownLoader.9894;Deleted.
A0010390.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010396.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Trojan.DownLoader.9894;Deleted.
A0010399.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010401.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010407.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Trojan.DownLoader.9894;Deleted.
A0010410.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP12;Adware.Look2me;Incurable.Moved.
A0010486.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0010492.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0010495.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.ClickSpring;Incurable.Moved.
A0010497.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0011486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0011488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0012483.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0012486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0013486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Trojan.DownLoader.9894;Deleted.
A0013488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP14;Adware.Look2me;Incurable.Moved.
A0014485.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15;Trojan.DownLoader.9894;Deleted.
A0014488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP15;Adware.Look2me;Incurable.Moved.
A0015486.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Trojan.DownLoader.9894;Deleted.
A0015488.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0015493.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0015499.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Trojan.DownLoader.9894;Deleted.
A0015502.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0016496.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Adware.Look2me;Incurable.Moved.
A0016497.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP16;Trojan.DownLoader.9894;Deleted.
A0016505.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016509.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016512.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Trojan.DownLoader.9894;Deleted.
A0016518.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.AddUrl;Incurable.Moved.
A0016520.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Zesty;Incurable.Moved.
A0016527.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016534.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0016542.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Trojan.DownLoader.9894;Deleted.
A0016545.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.ClickSpring;Incurable.Moved.
A0016547.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP17;Adware.Look2me;Incurable.Moved.
A0017537.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.Look2me;Incurable.Moved.
A0017540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Trojan.DownLoader.9894;Deleted.
A0018539.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.ClickSpring;Incurable.Moved.
A0018540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Trojan.DownLoader.9894;Deleted.
A0019537.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.Look2me;Incurable.Moved.
A0019540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Adware.ClickSpring;Incurable.Moved.
A0019541.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP19;Trojan.DownLoader.9894;Deleted.
A0020537.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020540.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Trojan.DownLoader.9894;Deleted.
A0020548.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020551.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.ClickSpring;Incurable.Moved.
A0020552.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Trojan.DownLoader.9894;Deleted.

**dedek** · 2006-06-28, 02:52

A0020594.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.MediaTicket;Incurable.Moved.
A0020595.exe\data002;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20\A0020595.exe;Adware.MediaTicket;
A0020595.exe\data003;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20\A0020595.exe;Adware.ClickSpring;
A0020595.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Archive contains infected objects;Moved.
A0020609.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020615.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Adware.Look2me;Incurable.Moved.
A0020617.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP20;Trojan.DownLoader.9894;Deleted.
A0020621.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0020622.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0020625.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0020632.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.DownLoader.9894;Deleted.
A0020634.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0020643.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.Click.1227;Deleted.
A0020644.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0020646.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.Stubby.113;Deleted.
A0020647.exe\data001;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21\A0020647.exe;Adware.PeerNet;
A0020647.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Archive contains infected objects;Moved.
A0021625.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.Click.1152;Deleted.
A0021633.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0021634.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Trojan.DownLoader.5289;Deleted.
A0022632.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0023630.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0023636.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023638.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023639.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023640.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.TargetServer;Incurable.Moved.
A0023641.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023642.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0023643.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.ClickSpring;Incurable.Moved.
A0024631.dll;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP21;Adware.Look2me;Incurable.Moved.
A0024672.exe\data001;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024672.exe;Adware.PeerNet;
A0024672.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Archive contains infected objects;Moved.
A0024673.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Trojan.Stom;Deleted.
A0024674.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Trojan.Stom;Deleted.
A0024675.exe;C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22;Trojan.DownLoader.9894;Deleted.
A0017076.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP403;Adware.CallingHome;Incurable.Moved.
A0017087.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP405;Adware.CallingHome;Incurable.Moved.
A0017110.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP407;Adware.CallingHome;Incurable.Moved.
A0017117.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408;Adware.CallingHome;Incurable.Moved.
A0017126.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408;Adware.CallingHome;Incurable.Moved.
A0017157.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP408;Adware.CallingHome;Incurable.Moved.
A0017177.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410;Adware.CallingHome;Incurable.Moved.
A0017183.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP410;Adware.CallingHome;Incurable.Moved.
A0017194.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411;Adware.CallingHome;Incurable.Moved.
A0017200.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP411;Adware.CallingHome;Incurable.Moved.
A0017209.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413;Adware.CallingHome;Incurable.Moved.
A0017226.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP413;Adware.CallingHome;Incurable.Moved.
A0018228.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419;Adware.CallingHome;Incurable.Moved.
A0018229.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP419;Adware.CallingHome;Incurable.Moved.
A0018277.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP420;Adware.CallingHome;Incurable.Moved.
A0018284.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421;Adware.CallingHome;Incurable.Moved.
A0018287.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421;Adware.CallingHome;Incurable.Moved.
A0018302.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP421;Adware.CallingHome;Incurable.Moved.
A0018340.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422;Adware.CallingHome;Incurable.Moved.
A0018341.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP422;Adware.CallingHome;Incurable.Moved.
A0018358.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423;Adware.CallingHome;Incurable.Moved.
A0018359.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP423;Adware.CallingHome;Incurable.Moved.
A0018388.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP424;Adware.CallingHome;Incurable.Moved.
A0018392.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425;Adware.CallingHome;Incurable.Moved.
A0018398.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP425;Adware.CallingHome;Incurable.Moved.
A0018420.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426;Adware.CallingHome;Incurable.Moved.
A0018421.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426;Adware.CallingHome;Incurable.Moved.
A0018428.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP426;Adware.BetterInternet;Incurable.Moved.
A0018429.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427;Adware.CallingHome;Incurable.Moved.
A0018436.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP427;Adware.CallingHome;Incurable.Moved.
A0018453.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP429;Adware.CallingHome;Incurable.Moved.
A0018459.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430;Adware.CallingHome;Incurable.Moved.
A0018489.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP430;Adware.CallingHome;Incurable.Moved.
A0018491.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431;Adware.CallingHome;Incurable.Moved.
A0018497.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431;Adware.CallingHome;Incurable.Moved.
A0018499.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP431;Adware.BetterInternet;Incurable.Moved.
A0018522.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433;Adware.BetterInternet;Incurable.Moved.
A0018526.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP433;Adware.CallingHome;Incurable.Moved.
A0019497.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434;Adware.CallingHome;Incurable.Moved.
A0019500.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP434;Adware.BetterInternet;Incurable.Moved.
A0019949.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442;Adware.CallingHome;Incurable.Moved.
A0019956.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP442;Adware.CallingHome;Incurable.Moved.
A0019960.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP443;Adware.BetterInternet;Incurable.Moved.
A0019967.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444;Adware.CallingHome;Incurable.Moved.
A0019968.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444;Adware.CallingHome;Incurable.Moved.
A0019973.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP444;Adware.BetterInternet;Incurable.Moved.
A0020009.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446;Adware.CallingHome;Incurable.Moved.
A0020010.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446;Adware.CallingHome;Incurable.Moved.
A0020015.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP446;Adware.BetterInternet;Incurable.Moved.
A0020020.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447;Adware.CallingHome;Incurable.Moved.
A0020026.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447;Adware.CallingHome;Incurable.Moved.
A0020027.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP447;Adware.BetterInternet;Incurable.Moved.
A0021026.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP448;Adware.CallingHome;Incurable.Moved.
A0021031.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449;Adware.BetterInternet;Incurable.Moved.
A0021037.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449;Adware.CallingHome;Incurable.Moved.
A0021041.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP449;Adware.CallingHome;Incurable.Moved.
A0021046.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450;Adware.BetterInternet;Incurable.Moved.
A0021054.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450;Adware.CallingHome;Incurable.Moved.
A0021057.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP450;Adware.CallingHome;Incurable.Moved.
A0021070.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454;Adware.CallingHome;Incurable.Moved.
A0021078.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP454;Adware.CallingHome;Incurable.Moved.
A0022093.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP457;Adware.CallingHome;Incurable.Moved.
A0022129.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP461;Adware.CallingHome;Incurable.Moved.
A0023132.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP466;Adware.CallingHome;Incurable.Moved.
A0023322.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023333.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023363.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023364.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.CallingHome;Incurable.Moved.
A0023396.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.SNHelper;Incurable.Moved.
A0023399.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023400.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023401.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023402.exe;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Trojan.Spybi;Deleted.
A0023454.dll;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.SNHelper;Incurable.Moved.
A0023548.dll;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
A0023550.dll;C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468;Adware.BlazeFind;Incurable.Moved.
aza0273mg.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
dn4401hqe.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
dn6601jse.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
dn8801lue.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
en8ol1l31.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
enlml1311.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
enpsl1771.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
fentext.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
gp80l3lm1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
gpn0l35m1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
i006lads1d06.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
j02q0af5ed2.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
jt2407fqe.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
lsass.#ll;C:\WINDOWS\SYSTEM32;Adware.ClickSpring;Incurable.Moved.
ltl0273mg.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mv02l9do1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mv2ml9f11.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mv84l9lq1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mvj8l91u1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
mvn4l95q1.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
ping.#ll;C:\WINDOWS\SYSTEM32;Adware.ClickSpring;Incurable.Moved.
q2ps0c77ef.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
q668lgju16o8.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
regedit.#ll;C:\WINDOWS\SYSTEM32;Adware.ClickSpring;Incurable.Moved.
wY2time.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
xYctsrv.dll;C:\WINDOWS\SYSTEM32;Adware.Look2me;Incurable.Moved.
asappsrv.dll;C:\WINDOWS\UGF0cmljayBIIERla2tlcg;Trojan.Proxy.493;Deleted.

**dedek** · 2006-06-28, 02:53

Any advice on how to beat this?

Hope to hear from you!

Thanks! Patrick

**teacup61** · 2006-06-28, 22:27

Hi Patrick,

We'll beat it, no worries.

Please download, install, and update Ewido anti-spyware

Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [w00670be.dll] RUNDLL32.EXE w00670be.dll,I2 0014d6a4000670be
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/8e89cba65e10...d979172_13.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll C:\WINDOWS\system32\ping.dll C:\WINDOWS\system32\regedit.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azaq0af5ed2.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Also, delete the following files/folders (if they exist):

w00670be.dll <---search for this one
C:\Program Files\TClock<---this folder
C:\WINDOWS\system32\regedit.dll <---make sure of the exact spelling!
C:\WINDOWS\system32\ping.dll<----same as above
C:\WINDOWS\system32\lsass.dll<---same as above
C:\WINDOWS\system32\azaq0af5ed2.dll

Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.

Please post the report from Ewido and a new HijackThis log in your reply. Also let me know how your computer is running now.

Thanks,
tea

**dedek** · 2006-07-01, 12:00

HERE WE GO:

EWIDO ->

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:28:58 29-6-2006

+ Scan result:

C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\Del1.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\Del2.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\msbb.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\msbb___0.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ncmyb.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024680.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024681.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024685.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008365.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016518.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\TopSearch.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024683.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024705.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020015.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021031.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_09.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_19.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_29.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres_39.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__0.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__1.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__2.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__3.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__4.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__5.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__6.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__7.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__8.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ceres__9.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI196.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI1E15.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI2043.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI22FF.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI24D0.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI27AD.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI30DA.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI332B.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5150.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI5986.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI60A1.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI69A8.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI6FC1.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI833.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\THI8A4.tmp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024687.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024688.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024689.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024690.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024691.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024692.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024693.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024694.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024695.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024696.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024697.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024698.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024699.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024700.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024701.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\bi.cab/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\bi.cab/biprep.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023400.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023401.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023550.dll -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\omnigate.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024682.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP468\A0023549.dll -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010495.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0018539.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019540.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020551.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020622.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023638.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\sdexe.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Οracle\wuauboot.#xe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024676.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024677.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024678.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ezstub.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024684.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker\Local Settings\Temp\bar.exe -> Adware.IeSearchBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007324.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0007328.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008327.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008338.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008351.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008355.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0008367.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0009375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0009386.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010381.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010390.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010399.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010401.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010410.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010486.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0010492.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0011488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0012483.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0013488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0014488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0015488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0015493.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0015502.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016496.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016505.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016509.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016527.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016534.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0016547.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0017537.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0019537.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020537.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020548.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020609.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020615.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020625.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020634.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0020644.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0021633.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0022632.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0023630.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\A0024631.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\aza0273mg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\dn4401hqe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\dn6601jse.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\dn8801lue.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\en8ol1l31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\enlml1311.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\enpsl1771.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\fentext.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\gp80l3lm1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\gpn0l35m1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

**dedek** · 2006-07-01, 12:03

C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\i006lads1d06.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\j02q0af5ed2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\jt2407fqe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\ltl0273mg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mv02l9do1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mv2ml9f11.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mv84l9lq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mvj8l91u1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\mvn4l95q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\q2ps0c77ef.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\q668lgju16o8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\wY2time.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Patrick Dekker.DEKKER\DoctorWeb\Quarantine\xYctsrv.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024707.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024708.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024709.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024710.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024711.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024712.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024713.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024714.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024715.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024716.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024717.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024718.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024719.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024720.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024721.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024722.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024723.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024724.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024725.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024726.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024727.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024728.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024729.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024731.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024736.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024745.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP22\A0024753.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP23\A0024773.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP23\A0024788.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP25\A0024925.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP25\A0025002.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025020.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025030.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0025059.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0026078.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0026082.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B7683D1-2EAE-4E15-9268-B369E1C63FDD}\RP26\A0026088.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\bjackbox.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\oPkley.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[696] C:\WINDOWS\system32\muc42u.dll -> Adware.Look2Me : Error during cleaning.
[812] C:\WINDOWS\system32\muc42u.dll -> Adware.Look2Me : Error during cleaning.

Thread: General Chaos

Thread Tools

Display

General Chaos

Part 2 Complete Chaos

still chaos

sigh

...

...

Posting Permissions

Thread: General Chaos

Thread Tools

Display

General Chaos

Part 2 Complete Chaos

still chaos

*sigh*

...

...

Posting Permissions

sigh