svchost.exe what is this! Am i in...
Posted 5/13/2008 5:12 AM


New Member


Group: Forum Members
Last Login: 7/10/2008 9:00 PM
Posts: 44, Visits: 63
Help me out to encounter something, my USB Disk Security always detects svchost, your PC under risk... here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:43 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\SVIQ.EXE
C:\WINDOWS\dc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost.exe
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6800 bytes

thanks bro!

OverQuantize

  Post #239363
 
Posted 5/13/2008 7:26 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734
Welcome

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

* You might want to print/copy the following as you need to be in Safe Mode from here on.

* Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


If you have previously downloaded ComboFix, please delete that version now.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall



Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.


_______________________________________________________________



ASAP & UNITE member since 2006



Use OpenDNS
  Post #239370
 
Posted 5/14/2008 8:33 PM


New Member


Group: Forum Members
Last Login: 7/10/2008 9:00 PM
Posts: 44, Visits: 63
ComboFix 08-05-12.1 - Admin 2008-05-14 13:38:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.563 [GMT -7:00]
Running from: C:\Documents and Settings\Admin\desktop\ComboFix.exe
Command switches used :: /killall
 * Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\inst.exe
C:\Documents and Settings\Admin\Desktop\sha\ISO\_desktop.ini
C:\WINDOWS\dc.exe
C:\WINDOWS\help\Other.exe
C:\WINDOWS\inf\Other.exe
C:\WINDOWS\sviq.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\system32\config\Win.exe
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\Penx.dat
C:\WINDOWS\system32\WinSit.exe
C:\WINDOWS\system32\Xpen.dat

.
(((((((((((((((((((((((((   Files Created from 2008-04-14 to 2008-05-14  )))))))))))))))))))))))))))))))
.

2008-05-14 13:29 . 2008-05-14 13:29 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-14 13:29 . 2008-05-14 13:29 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-14 13:23 . 2008-05-14 13:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-14 13:17 . 2008-05-14 13:31 <DIR> d-------- C:\SDFix
2008-05-13 12:00 . 2008-05-13 12:00 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-05-11 20:52 . 2008-05-11 20:52 <DIR> d-------- C:\Program Files\directx
2008-05-11 20:52 . 2008-05-11 20:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ArcSoft
2008-05-11 20:52 . 1998-09-02 01:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-05-11 20:52 . 1998-08-26 21:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-05-11 20:52 . 1998-08-20 04:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-05-11 20:52 . 1998-09-02 01:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-05-11 20:52 . 1998-09-02 01:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-05-11 20:52 . 1998-08-17 02:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-05-11 20:52 . 1998-08-17 02:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-05-11 20:52 . 1998-08-17 02:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-05-11 20:52 . 2008-05-11 20:52 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-05-11 20:52 . 2008-05-11 20:52 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-05-11 20:51 . 2008-05-11 20:51 <DIR> d-------- C:\Program Files\ArcSoft
2008-05-11 20:51 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-05-11 20:51 . 2001-10-16 11:23 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2008-05-11 20:51 . 2001-06-07 16:27 21 --a------ C:\WINDOWS\CS_setup.ini
2008-05-11 18:15 . 2000-12-12 19:21 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2008-05-11 18:15 . 2000-12-04 18:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-05-11 18:15 . 1999-09-22 00:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2008-05-11 18:15 . 2005-06-27 03:37 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2008-05-11 18:15 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-05-11 18:15 . 2005-07-07 02:26 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini
2008-05-11 18:15 . 2005-03-07 23:14 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-05-11 18:11 . 2008-05-11 18:11 29 --a------ C:\WINDOWS\sfbm.INI
2008-05-11 00:20 . 2007-07-20 14:30 14,208 --a------ C:\WINDOWS\system32\drivers\voxthing.sys
2008-05-10 23:32 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-10 23:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-10 23:32 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-10 23:28 . 2008-05-10 23:30 <DIR> d-------- C:\Program Files\Winamp
2008-05-10 23:28 . 2008-05-10 23:29 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-05-10 23:17 . 2008-05-10 23:18 <DIR> d-------- C:\InDesignCS2_Setup
2008-05-09 23:24 . 2008-05-11 21:21 <DIR> d-------- C:\Recording
2008-05-08 23:02 . 2008-05-08 23:03 <DIR> d-------- C:\Program Files\Hamster Ball
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Program Files\DiskTrix
2008-05-08 20:25 . 2008-05-08 20:25 <DIR> d-------- C:\Program Files\inKline Global
2008-05-03 00:44 . 2008-05-03 00:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-03 00:44 . 2008-05-03 00:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 00:44 . 2008-05-03 00:44 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-03 00:44 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-03 00:35 . 2008-05-08 22:05 65,552 --a------ C:\WINDOWS\system32\KeOS386.DLL
2008-05-02 13:44 . 2008-05-04 00:39 <DIR> d-------- C:\Program Files\PC Washer
2008-05-02 13:40 . 2008-05-02 13:40 <DIR> d-------- C:\Program Files\USB Disk Security
2008-05-02 13:37 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-05-02 13:37 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-05-02 13:37 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-05-02 13:37 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-05-02 13:36 . 2008-05-02 13:37 <DIR> d-------- C:\Program Files\VSO
2008-05-02 13:36 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-02 13:36 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-02 13:36 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-02 12:55 . 2008-05-02 12:55 <DIR> d-------- C:\Program Files\MP3 Player Utilities 3.5.02
2008-05-02 12:55 . 2005-11-09 02:57 9,277 -ra------ C:\WINDOWS\AmvTransform.ini
2008-05-02 12:55 . 2005-10-20 23:32 8,913 -ra------ C:\WINDOWS\fwupgrade.ini
2008-05-02 12:55 . 2005-09-15 02:40 8,157 -ra------ C:\WINDOWS\AmvPlayer.ini
2008-05-02 12:55 . 2005-10-20 23:24 7,454 -ra------ C:\WINDOWS\Disktool.INI
2008-05-02 12:55 . 2004-05-11 22:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2008-05-02 12:55 . 2005-09-14 20:28 170 -ra------ C:\WINDOWS\settings.ini
2008-05-01 23:06 . 2008-05-01 23:06 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-05-01 17:52 . 2008-05-01 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-01 17:51 . 2008-05-01 17:51 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-01 17:50 . 2008-05-10 23:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-01 16:51 . 2008-05-01 16:51 <DIR> d-------- C:\Program Files\PT Atlantis Programma Prima
2008-05-01 16:51 . 2008-05-01 16:51 <DIR> d-------- C:\Program Files\COD10
2008-05-01 16:50 . 2004-09-02 22:32 269,824 --a------ C:\WINDOWS\uninst.exe
2008-05-01 16:49 . 2008-05-01 16:49 <DIR> d-------- C:\Program Files\OpenSys
2008-05-01 16:49 . 2008-05-01 16:49 <DIR> d-------- C:\Program Files\Common Files\OpenSys
2008-05-01 16:49 . 1998-06-26 20:22 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-05-01 16:49 . 1997-07-19 16:01 196,880 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-05-01 13:43 . 2008-05-01 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-01 13:43 . 2008-05-01 13:43 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TuneUp Software
2008-05-01 13:38 . 2008-05-01 13:38 <DIR> d-------- C:\Program Files\Arturia
2008-05-01 13:38 . 2003-02-24 17:27 151,552 --a------ C:\WINDOWS\system32\FDlg.dll
2008-05-01 13:33 . 2008-05-01 13:33 <DIR> d-------- C:\Program Files\Total Video Converter
2008-05-01 13:23 . 2008-05-01 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-01 13:21 . 2008-05-12 19:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 13:14 . 2008-05-01 13:14 <DIR> d-------- C:\Program Files\SpectralDesign
2008-05-01 13:12 . 2008-05-01 13:12 <DIR> d-------- C:\Program Files\YAMAHA
2008-05-01 13:09 . 2008-05-13 11:54 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-05-01 12:33 . 2008-05-01 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-01 12:31 . 2008-05-01 12:31 <DIR> d-------- C:\Program Files\VOB
2008-05-01 12:31 . 2002-08-28 11:09 611,840 --a------ C:\WINDOWS\system32\vobhw.dll
2008-05-01 12:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 12:31 . 2002-09-26 17:34 153,088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2008-05-01 12:31 . 2000-04-27 12:31 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2008-05-01 12:31 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapi.sys
2008-05-01 12:30 . 2008-05-01 12:30 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-05-01 12:28 . 2008-05-01 12:28 <DIR> d-------- C:\Program Files\Nomad Factory
2008-05-01 12:28 . 2003-03-18 20:04 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2008-05-01 12:28 . 2003-03-18 20:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-05-01 12:05 . 2008-05-01 12:05 <DIR> d-------- C:\Program Files\Native Instruments
2008-05-01 12:05 . 2004-09-30 13:13 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-01 11:48 . 2008-05-13 14:27 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 11:08 . 2008-05-01 11:08 <DIR> d-------- C:\Program Files\Bome's Mouse Keyboard
2008-05-01 11:08 . 2008-05-01 11:08 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Propellerhead Software
2008-05-01 10:52 . 2008-05-01 10:54 <DIR> d-------- C:\Audio
2008-05-01 10:52 . 2008-05-13 13:51 32 --a------ C:\WINDOWS\system32\w3data.vss
2008-05-01 10:52 . 2008-05-13 13:51 32 --a------ C:\WINDOWS\msocreg32.dat
2008-05-01 10:51 . 2008-05-01 14:16 <DIR> d-------- C:\Program Files\IK Multimedia
2008-05-01 10:51 . 2008-05-01 10:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-05-01 10:51 . 2006-11-27 12:29 189 --a------ C:\WINDOWS\system32\.MySCMServerInfo
2008-05-01 10:47 . 2008-05-01 10:47 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Steinberg
2008-05-01 10:43 . 2008-05-01 12:29 <DIR> d-------- C:\Program Files\Steinberg
2008-05-01 10:43 . 2005-06-04 09:08 487,936 --a------ C:\WINDOWS\system32\rmbe3260.dll
2008-05-01 10:43 . 2005-06-04 09:09 352,768 --a------ C:\WINDOWS\system32\pngu3263.dll
2008-05-01 10:43 . 2005-06-04 09:09 131,072 --a------ C:\WINDOWS\system32\pneng50.dll
2008-05-01 10:43 . 2005-06-04 09:09 130,560 --a------ C:\WINDOWS\system32\pnc3250.dll
2008-05-01 10:43 . 2005-06-04 09:08 87,040 --a------ C:\WINDOWS\system32\ra32sipr.dll
2008-05-01 10:43 . 2005-06-04 09:11 85,504 --a------ C:\WINDOWS\system32\encdnet.dll
2008-05-01 10:43 . 2005-06-04 09:09 81,920 --a------ C:\WINDOWS\system32\ra3214_4.dll
2008-05-01 10:43 . 2005-06-04 09:09 72,704 --a------ C:\WINDOWS\system32\ra3228_8.dll
2008-05-01 10:43 . 2005-06-04 09:09 61,952 --a------ C:\WINDOWS\system32\decdnet.dll
2008-05-01 10:43 . 2005-06-04 09:09 21,504 --a------ C:\WINDOWS\system32\ra32dnet.dll
2008-05-01 10:41 . 2008-05-01 10:41 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-01 10:41 . 2005-02-01 04:34 700,416 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-01 10:41 . 2004-05-11 00:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-01 10:41 . 2003-08-01 05:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-01 10:41 . 2003-05-27 00:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-01 10:41 . 2003-05-27 00:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-01 10:41 . 2002-11-25 17:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-01 10:41 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 07:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-01 07:25 --------- d-----w C:\Program Files\Utilities
2008-05-01 07:25 --------- d-----w C:\Program Files\nLite
2008-03-05 23:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 23:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 23:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 22:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 22:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2006-11-29 13:26 28,160 ----a-w C:\WINDOWS\inf\MEDIAINF\myokent.dll
.

------- Sigcheck -------

2007-01-05 23:31  360576  e7dfcffa380749b8626ad71e8f367dcb C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-04 19:30 1253376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 11:49 36352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [2008-04-01 15:10 798720]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"P17Helper"="P17.dll" [2005-05-03 04:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-04 19:30 1253376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-03 21:00 388608 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-01 17:51:29 25214]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"MIDI1"= myokent.dll
"MIDI2"= myokent.dll
"MIDI3"= myokent.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 20:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 20:39]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 21:00]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 voxthing;Voice Thing service;C:\WINDOWS\system32\drivers\voxthing.sys [2007-07-20 14:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 00:44]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s C:\VAIO\.\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 07:44:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:40:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2008-05-14 13:41:47 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-14 20:41:41

Pre-Run: 70,728,728,576 bytes free
Post-Run: 70,719,471,616 bytes free

262


SDFix: Version 1.182
Run by Admin on Wed 05/14/2008 at 01:26 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\nvchost.exe  - Deleted
C:\WINDOWS\winlogon.exe  - Deleted

Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:30:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 21 Jul 2002       418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002       390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002       574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002       430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002       390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002       399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002       388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002       388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun  1 Dec 2002       431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002       388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Sun  9 Mar 2008         1,536 A..H. --- "C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\Antares VoiceThing 1.0\Softwrap.dll"
Sun  9 Mar 2008         1,536 A..H. --- "C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\vst\Antares VoiceThing 1.0\Softwrap.dll"

Finished!

OverQuantize

  Post #239466
 
Posted 5/15/2008 2:40 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734
Post the new Hijackthis log as requested if you will.

  Post #239470
 
Posted 5/15/2008 8:20 PM


New Member


Group: Forum Members
Last Login: 7/10/2008 9:00 PM
Posts: 44, Visits: 63
Sorry! Here it is

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46, on 2008-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6559 bytes


OverQuantize

  Post #239536
 
Posted 5/16/2008 2:47 AM


Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734
Please download/install Avira AntiVir Personal - FREE Antivirus:
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your PC when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply.


Download and scan with CCleaner:
http://www.ccleaner.com/downloadbuilds.asp
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.

In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.


Download/install 'SuperAntiSpyware Free Version Home Users' from here:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
If you encounter any error messages while downloading the updates, manually download them from Here.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


  Post #239544
 
Posted 5/16/2008 10:06 PM


New Member

Group: Forum Members
Last Login: 7/10/2008 9:00 PM
Posts: 44, Visits: 63
Avira AntiVir Personal
Report file date: 2008-05-14  19:21

Scanning for 1165085 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    PAL

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes  2008-04-09 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  2008-03-18 18:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  2008-02-07 17:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes  2008-02-28 17:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes  2008-02-21 17:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  2007-07-18 19:33:34
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  2008-03-07 22:08:58
ANTIVIR2.VDF  : 7.0.3.62       337408 Bytes  2008-03-21 04:12:34
ANTIVIR3.VDF  : 7.0.3.68        57856 Bytes  2008-03-25 17:27:50
Engineversion : 8.1.0.28 
AEVDF.DLL     : 8.1.0.5        102772 Bytes  2008-02-25 18:58:21
AESCRIPT.DLL  : 8.1.0.19       229754 Bytes  2008-04-08 00:34:44
AESCN.DLL     : 8.1.0.12       115060 Bytes  2008-04-08 00:34:44
AERDL.DLL     : 8.1.0.19       418164 Bytes  2008-04-08 00:34:44
AEPACK.DLL    : 8.1.1.0        364918 Bytes  2008-03-18 20:20:42
AEOFFICE.DLL  : 8.1.0.15       192889 Bytes  2008-04-08 00:34:44
AEHEUR.DLL    : 8.1.0.15      1147253 Bytes  2008-04-08 00:34:44
AEHELP.DLL    : 8.1.0.11       115061 Bytes  2008-04-08 00:34:43
AEGEN.DLL     : 8.1.0.15       299379 Bytes  2008-04-08 00:34:43
AEEMU.DLL     : 8.1.0.5        430450 Bytes  2008-04-08 00:34:43
AECORE.DLL    : 8.1.0.25       168309 Bytes  2008-04-08 18:58:32
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  2008-01-24 02:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes  2008-02-18 19:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes  2007-04-16 22:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes  2008-01-24 02:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes  2008-02-12 17:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  2008-02-28 17:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  2008-01-23 02:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  2008-01-24 02:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes  2008-01-25 21:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  2008-03-10 23:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  2008-03-06 21:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-05-14  19:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'USBGuard.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'cledx.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
Master boot sector HD2
      [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!
Boot sector 'E:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\inf\Other.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '4893a1d8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\WinSit.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '4899a1ce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\config\Win.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '4899a1d0.qua'!
C:\SDFix\backups\backups.zip
  [0] Archive type: ZIP
  --> backups/nvchost.exe
      [DETECTION] Is the Trojan horse TR/Agent.aap.3
  --> backups/winlogon.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Agent.KJ.20
      [NOTE]      The file was moved to '488ea1da.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP30\A0004314.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1ab.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP30\A0004315.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1ae.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP30\A0004316.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1b1.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP30\A0004317.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1b2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004330.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1b6.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004331.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1bd.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004332.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1c0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004333.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1c2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004337.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1c4.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004338.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1c5.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004339.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1c7.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004347.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1c9.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004348.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1cb.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP31\A0004350.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1cd.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004397.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1d6.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004398.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1d8.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004399.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1db.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004400.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1dd.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004403.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1df.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004405.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1e0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004406.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1f0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004413.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1f2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004414.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1f7.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004415.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61358.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004416.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1f9.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004425.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6135a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004426.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1f8.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004427.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61359.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004431.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1fa.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004432.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6135b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004439.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1fb.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004440.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6135c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004441.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1fd.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004479.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1fc.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004480.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6135e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004486.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1ff.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004487.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004488.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba201.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004489.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6135d.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004502.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba1fe.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004503.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6135f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004504.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61361.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004505.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004509.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba203.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004510.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a4.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP34\A0004511.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba205.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004520.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a6.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004521.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba207.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004522.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba200.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004523.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a1.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004527.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba202.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004528.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a3.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004529.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a8.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004535.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba209.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004536.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610aa.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004537.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba204.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004538.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a5.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004542.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba206.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004543.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a7.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP35\A0004544.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba20b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004733.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ac.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004734.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba208.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004735.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610a9.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004736.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba20a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004752.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba20d.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004753.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ae.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004754.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ab.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004755.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba20c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004758.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ad.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004759.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba20e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004760.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba20f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004770.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004771.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba211.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004772.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004773.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610af.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004777.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba210.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004778.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b1.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004779.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba212.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004785.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b3.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004788.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba213.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004789.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b4.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004791.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba214.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004792.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b5.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004794.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba216.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004796.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b7.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004799.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba215.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004802.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b6.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004803.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba218.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004805.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b9.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004808.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba21a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004809.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba217.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004812.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610b8.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004813.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba219.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004816.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610bb.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004818.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba21c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004822.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610bd.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004824.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ba.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004826.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba21b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004827.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610bc.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004828.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba21d.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004830.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba21e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004832.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610bf.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004836.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610be.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004842.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba21f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004845.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba260.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004847.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610c1.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004852.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba262.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004879.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61080.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004880.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610c3.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004881.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba264.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004882.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610c5.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004885.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba266.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004888.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba221.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004889.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61082.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004892.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba223.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004894.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610c7.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004895.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba268.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004901.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61084.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004902.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba225.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004903.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610c9.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004904.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba26a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004905.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610cb.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004907.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba26c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004908.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61086.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004910.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba227.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004913.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba220.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004917.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61081.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004919.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba222.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004920.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61088.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004921.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba229.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004922.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6108a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004923.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba22b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004924.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61083.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004926.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba224.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004928.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6108c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004929.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba22d.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004930.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6108e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004931.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61085.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004932.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba226.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004933.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61087.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004934.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba228.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004935.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba22f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004938.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61090.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004947.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61089.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004948.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba22a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004949.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6108b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP37\A0004950.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba231.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005308.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61092.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005309.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba22e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005310.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6108f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005311.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba230.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005315.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61091.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005316.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba233.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP39\A0005317.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61094.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005411.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba235.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005412.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61096.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005413.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba237.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005414.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba234.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005417.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61095.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005419.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba236.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005430.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61097.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005431.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61098.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005432.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba239.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005433.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6109a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005437.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba238.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005438.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61099.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005439.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba23a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005459.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba23b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005460.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6109c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005461.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba23d.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP42\A0005463.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6109e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP43\A0005472.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba23f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP43\A0005473.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP43\A0005474.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba241.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP43\A0005475.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP43\A0005479.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6109b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005578.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba23c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005579.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba243.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005580.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e4.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005581.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba245.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005597.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e6.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005598.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba23e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005599.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6109f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005600.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610cd.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005604.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba247.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005605.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e8.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005606.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba249.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005615.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba240.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005616.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e1.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005617.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba242.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005618.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e3.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005621.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ea.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005626.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba24b.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005627.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ec.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005628.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba24d.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005629.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba244.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005630.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e5.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005631.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba246.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005633.exe
      [DETECTION] Is the Trojan horse TR/Agent.aap.3
      [NOTE]      The file was moved to '49c610e7.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005634.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Agent.KJ.20
      [NOTE]      The file was moved to '49c610ee.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005638.exe
      [DETECTION] Is the Trojan horse TR/Agent.aap.3
      [NOTE]      The file was moved to '485ba24f.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005640.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Agent.KJ.20
      [NOTE]      The file was moved to '49c610f0.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005674.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba248.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005675.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba251.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005676.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610f2.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP44\A0005678.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba253.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005685.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610e9.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005686.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba24a.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005687.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610eb.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005688.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610f4.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005689.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba255.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005690.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba24c.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP45\A0005691.EXE
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ed.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005829.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba24e.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005830.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610ef.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005831.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610f6.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005832.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba257.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005833.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610f8.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005834.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba250.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005835.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c610f1.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005836.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba252.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005876.exe
      [DETECTION] Contains detection pattern of the dropper DR/Tool.CloseApp.A.5
      [NOTE]      The file was moved to '49c610f3.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005877.exe
      [DETECTION] Is the Trojan horse TR/Keygen.AO
      [NOTE]      The file was moved to '485ba259.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005878.exe
      [DETECTION] Is the Trojan horse TR/Keygen.AO
      [NOTE]      The file was moved to '49c610fa.qua'!
C:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005879.exe
      [DETECTION] Is the Trojan horse TR/DelAll.Q.2
      [NOTE]      The file was moved to '485ba25b.qua'!
Begin scan in 'D:\'
D:\nor_maklong\Removable Disk (G)\autorun.inf
      [DETECTION] Contains detection pattern of the VBS script virus VBS/IETitle.A
      [NOTE]      The file was moved to '489fa356.qua'!
D:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005880.inf
      [DETECTION] Contains detection pattern of the VBS script virus VBS/IETitle.A
      [NOTE]      The file was moved to '485ba343.qua'!
Begin scan in 'E:\'
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005837.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d0.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005838.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61171.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005839.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d2.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005840.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d1.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005841.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61172.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005842.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d3.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005843.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61174.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005844.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61173.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005845.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d4.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005846.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61175.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005847.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d6.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005848.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d5.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005849.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61176.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005850.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d7.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005851.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61178.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005852.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61177.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005853.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d8.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005854.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61179.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005855.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3da.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005856.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3d9.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005857.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6117a.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005858.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3db.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005859.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6117b.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005860.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3dc.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005861.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6117d.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005862.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3de.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005863.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6117c.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005864.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3dd.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005865.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6117e.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005866.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba3df.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005867.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c6117f.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005868.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '485ba320.qua'!
E:\System Volume Information\_restore{E0F2DC9D-D381-4410-99DC-0D176B4ABAD0}\RP47\A0005869.exe
      [DETECTION] Contains detection pattern of the worm WORM/VB.AS.21
      [NOTE]      The file was moved to '49c61181.qua'!


End of the scan: 2008-05-14  19:45
Used time: 23:12 min

The scan has been done completely.

   5081 Scanning directories
 105053 Files were scanned
    265 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
    264 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 104788 Files not concerned
    670 Archives were scanned
      2 Warnings
    264 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46, on 2008-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7838 bytes


OverQuantize

  Post #239602
 
Posted 5/17/2008 3:39 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734
Copy and paste the contents of the SuperAntiSpyware report into your next reply as requested.
Also let me know how your pc is running now.


_______________________________________________________________



ASAP & UNITE member since 2006



Use OpenDNS
  Post #239609
 
Posted 5/19/2008 10:05 PM


New Member


Group: Forum Members
Last Login: 7/10/2008 9:00 PM
Posts: 44, Visits: 63
My PC is running good now! No threat detected.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2008 at 07:07 PM

Application Version : 4.0.1154

Core Rules Database Version : 3462
Trace Rules Database Version: 1453

Scan type       : Quick Scan
Total Scan Time : 00:08:10

Memory items scanned      : 378
Memory threats detected   : 0
Registry items scanned    : 333
Registry threats detected : 0
File items scanned        : 3813
File threats detected     : 41

Trojan.Net-Dungcoi
 C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\NADA SURF\NADA SURF.EXE
 C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\SHA\SHA.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYGENS FOR PROGRAMS\PC WASHER\PC WASHER V1.2.6\CRACK\CRACK.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYGENS FOR PROGRAMS\PC WASHER\PC WASHER V1.2.6\GET 'EM ALL ™\GET 'EM ALL ™.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYGENS FOR PROGRAMS\PC WASHER\PC WASHER V1.2.6\PC WASHER V1.2.6.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYGENS FOR PROGRAMS\PC WASHER\PC WASHER.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYGENS FOR PROGRAMS\TUNE UP UTILITIES 2008\KEYGEN\KEYGEN.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYGENS FOR PROGRAMS\TUNE UP UTILITIES 2008\TUNE UP UTILITIES 2008.EXE
 E:\ALL ABOUT DAMIA\BABY RESOURCE\BEGINNING TO WALK\BEGINNING TO WALK.EXE
 E:\ALL ABOUT DAMIA\BABY RESOURCE\CRAWLER\CRAWLER.EXE
 E:\ALL ABOUT DAMIA\BABY RESOURCE\INDEPENDENT SITTER\INDEPENDENT SITTER.EXE
 E:\ALL ABOUT DAMIA\BABY RESOURCE\SUPPORTED SITTER\SUPPORTED SITTER.EXE
 E:\ALL ABOUT DAMIA\BABY RESOURCE\TODDLER\TODDLER.EXE
 E:\ALL ABOUT DAMIA\BABY RESOURCE\TOUCH J&J\TOUCH J&J.EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (18)\NEW FOLDER (18).EXE
 E:\ALL ABOUT DAMIA\SHA\ANNUAL DINNER AT SINGAPORE 2007\ANNUAL DINNER AT SINGAPORE 2007.EXE
 E:\ALL ABOUT DAMIA\SHA\DAMIA\DAMIA.EXE
 E:\ALL ABOUT DAMIA\SHA\HP\HP.EXE
 E:\ALL ABOUT DAMIA\SHA\MAKCIK\MAKCIK.EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (20)\NEW FOLDER (20).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (11)\NEW FOLDER (11).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (10)\NEW FOLDER (10).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (13)\NEW FOLDER (13).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (12)\NEW FOLDER (12).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (15)\NEW FOLDER (15).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (14)\NEW FOLDER (14).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (17)\NEW FOLDER (17).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (16)\NEW FOLDER (16).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (19)\NEW FOLDER\NEW FOLDER.EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (19)\NEW FOLDER (19).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER\NEW FOLDER.EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (4)\NEW FOLDER (4).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (5)\NEW FOLDER (5).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (2)\NEW FOLDER (2).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (3)\NEW FOLDER (3).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (6)\NEW FOLDER (6).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (7)\NEW FOLDER (7).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (8)\NEW FOLDER (8).EXE
 E:\ALL ABOUT DAMIA\SHA\NEW FOLDER (9)\NEW FOLDER (9).EXE
 E:\SHA'S FILE\SAMPLE LETTERS\SAVE.EXE
 E:\ZUL LYRIC\BEHRINGER VSTI AMP\BEHRINGER VSTI AMP.EXE


OverQuantize

  Post #239768
 
Posted 5/20/2008 2:27 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734
Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes'; your 'System Restore' directories will be purged.

Restart your pc.

Turn 'System Restore' back on:

Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'OK'.


Your log is clean, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore.




You should now take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/tutorial82.html

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

Hardening Windows Security - Part 1:
http://www.malwarehelp.org/Malware-Prevention-Hardening-Windows-Security1.html

Hardening Windows Security - Part 2:
http://www.malwarehelp.org/malware-prevention-hardening-windows-security2.html


_______________________________________________________________



ASAP & UNITE member since 2006



Use OpenDNS
  Post #239776
 