Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

P2p Virus


  • This topic is locked This topic is locked
16 replies to this topic

#1 klun0023

klun0023

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 29 July 2007 - 08:11 PM

Hi,

I ran norton recenlty and it told me I have the w32sillyp2p virus. How do I get rid fo it? Here is my hijackthis info. Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:21 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\OSD\OSD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Documents and Settings\Lauren Klun\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Office-Web Mouse.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181265302758
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181281974523
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.cars.csom.umn.edu/viewer/active...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 10208 bytes

BC AdBot (Login to Remove)

 


m

#2 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 30 July 2007 - 10:40 PM

i installed combofix and ran it here it the log. Thanks!

ComboFix 07-07-31 - "Lauren Klun" 2007-07-30 22:31:28.1 [GMT -5:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-30 22:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 19:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-29 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-19 23:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-19 23:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-19 22:53 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Download Manager
2007-07-18 20:24 524,288 --a------ C:\WINDOWS\system32\MousePage.dll
2007-07-18 20:24 33,049 --a------ C:\WINDOWS\system32\drivers\HidMouse.sys
2007-07-18 20:24 110,592 --a------ C:\WINDOWS\system32\Hook.dll
2007-07-18 20:24 1,089,536 --a------ C:\WINDOWS\system32\XWheel.dll
2007-07-18 20:24 <DIR> d-------- C:\Program Files\Keyboard-Mouse-Set
2007-07-09 12:39 <DIR> d-------- C:\Program Files\Photodex Presenter
2007-07-09 12:39 <DIR> d-------- C:\Program Files\Photodex
2007-07-09 12:16 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-07-09 12:16 156,160 --a------ C:\WINDOWS\system32\unrar3.dll
2007-07-09 12:16 <DIR> d-------- C:\Program Files\TUGZip
2007-07-07 20:09 <DIR> d-------- C:\Program Files\Picasa2
2007-07-07 20:09 <DIR> d-------- C:\Program Files\Google
2007-07-04 17:06 <DIR> d-------- C:\Program Files\InterActual
2007-07-01 19:53 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\acccore
2007-07-01 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-01 19:51 <DIR> d-------- C:\Program Files\iPod
2007-07-01 19:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-01 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 19:46 <DIR> d-------- C:\Program Files\AIM6
2007-07-01 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-24 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-24 12:31 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\U3
2007-06-23 17:54 <DIR> d-------- C:\Program Files\Conceptworld
2007-06-23 17:54 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Conceptworld
2007-06-23 17:31 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-23 17:31 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-06-23 17:30 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-23 17:30 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-21 16:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-06-21 13:40 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-21 13:38 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-21 13:37 <DIR> d-------- C:\Program Files\MSBuild
2007-06-21 13:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-21 13:36 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-06-21 12:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-21 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-21 12:16 <DIR> dr-h----- C:\MSOCache
2007-06-21 11:31 127,376 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2007-06-21 11:31 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2007-06-21 11:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-21 11:30 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2007-06-21 11:30 <DIR> d-------- C:\Program Files\Cisco Systems
2007-06-17 19:03 <DIR> d-------- C:\DOCUME~1\LAUREN~1\Contacts
2007-06-17 19:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-17 19:01 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-17 18:54 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Skype
2007-06-17 18:48 <DIR> d-------- C:\Program Files\Skype
2007-06-17 18:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-13 20:34 <DIR> d-------- C:\Program Files\ACW
2007-06-12 20:52 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\CyberLink
2007-06-12 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-11 23:04 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Move Networks
2007-06-10 21:14 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-09 21:16 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\AdobeUM
2007-06-08 08:34 <DIR> d-------- C:\WINDOWS\pss
2007-06-08 01:10 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-08 00:51 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Talkback
2007-06-08 00:49 <DIR> d-------- C:\Program Files\DivX
2007-06-08 00:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-08 00:18 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-08 00:18 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-07 23:44 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2007-06-07 23:26 <DIR> d-------- C:\Program Files\QuickTime
2007-06-07 23:26 <DIR> d-------- C:\Program Files\iTunes
2007-06-07 23:26 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-07 23:26 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Apple Computer
2007-06-07 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-07 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
2007-06-07 22:50 <DIR> d-------- C:\Program Files\Ares
2007-06-07 22:46 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-07 22:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-07 22:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-07 22:44 <DIR> d-------- C:\Program Files\Maxtor
2007-06-07 22:41 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-07 22:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-07 22:21 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\DivX
2007-06-07 20:13 3,670,016 --ah----- C:\DOCUME~1\LAUREN~1\NTUSER.DAT
2007-06-07 20:13 <DIR> d--hs---- C:\DOCUME~1\LAUREN~1\UserData
2007-06-07 20:13 <DIR> d-------- C:\DOCUME~1\LAUREN~1\WINDOWS
2007-06-07 20:13 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-07 20:13 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\Symantec
2007-06-07 20:13 <DIR> d-------- C:\DOCUME~1\LAUREN~1\APPLIC~1\AOL
2007-06-07 20:12 <DIR> d---s---- C:\DOCUME~1\DEFAUL~1\UserData
2007-06-07 20:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-06-07 20:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-07 20:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
2007-06-07 20:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 20:51 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 20:44 --------- d-------- C:\Program Files\Common Files\aolshare
2007-07-18 20:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-01 19:47 --------- d-------- C:\Program Files\Common Files\AOL
2007-06-08 00:44 --------- d-------- C:\Program Files\Online Services
2007-06-08 00:29 --------- d-------- C:\Program Files\Home Cinema
2007-06-08 00:28 --------- d-------- C:\Program Files\Ahead
2007-06-08 00:27 --------- d-------- C:\Program Files\Musicmatch
2007-06-07 23:46 --------- d-------- C:\Program Files\Symantec
2007-06-07 22:44 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-07 22:38 --------- d-------- C:\Program Files\Pure Networks
2007-06-07 22:38 --------- d-------- C:\Program Files\Common Files\Ahead
2007-05-31 01:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 01:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 01:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 01:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 01:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:23 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 06:38 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-28 08:08]
"OSD"="C:\Program Files\OSD\OSD.EXE" [2004-08-20 20:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-09-10 16:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-09-10 16:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"QNPlus"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office-Web Mouse.lnk - C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe [2007-07-18 20:24:34]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2pex]
C:\WINDOWS\system32\p2pex.zip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)

R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R2 NTPrime;NTPrime;C:\WINDOWS\system32\drivers\NTPrime.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 NAVAP;NAVAP;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
R3 WBFIRDMA;Winbond Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\system32\DRIVERS\cben5.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINDOWS\system32\DRIVERS\mxopswd.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720250-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720251-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- G:\setupSNK.exe

*Newly Created Service* - HTTPFILTER

Contents of the 'Scheduled Tasks' folder
2007-06-10 14:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-31 03:14:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 22:34:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000c0

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 22:35:51

--- E O F ---

#3 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 08 August 2007 - 08:55 AM

Hello klun0023, sorry for the delay. I'm just looking over your log and will get back to you soon.

#4 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 08 August 2007 - 04:47 PM

k thanks!!

#5 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 11 August 2007 - 11:06 AM

Hello klun0023, my name is Rorschach and I'll be helping you with your problems.


Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.



We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.

Please run HijackThis, click "Do a system scan only" and check this entry

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all windows except for HijackThis and click "Fix checked".



Next we need to make a back up of the registry :

Go to Start > Run
Type:regedit
Click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2pex]

Then double click on the fix.reg file, when it prompts to merge click "Yes".


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files in bold (if present):

C:\WINDOWS\system32\p2pex.zip.exe



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

So in your next reply please post the following : the two DSS texts in full, the Kaspersky Webscanner report, and tell me how your PC is running now and if you had any problems.

#6 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 11 August 2007 - 09:01 PM

Here are the reports you asked for. I'll post the kaspersky one next since it is about 7,00 lines long... Sorry!

My computer is kind of lagging. It takes longer than normal when I open programs and not just after startup. Also, right when I open internet explorer it is really slow but then loads the pages fine after that.

I was not able to find this file and delete it. I somewhat remember deleting it already through another program but Im not sure.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files in bold (if present): C:\WINDOWS\system32\p2pex.zip.exe

My antivirus program quarantined many of the files right away. Would this help prevent the backdoor Trojan or could they still have access to all my passwords and such?

I use a p2p program to download music and video files. I usually only download those types but I did try to download a few programs through it. I am guessing thats where I got the virus but I was wondering if it could have come in from the audio or video files I download. Thanks so much!!

Klun0023

Deckard's System Scanner v20070809.63
Run by Lauren Klun on 2007-08-11 at 18:21:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
56: 2007-08-11 23:22:02 UTC - RP71 - Deckard's System Scanner Restore Point
55: 2007-08-10 15:39:22 UTC - RP70 - Software Distribution Service 3.0
54: 2007-08-08 21:38:11 UTC - RP69 - Software Distribution Service 3.0
53: 2007-08-07 20:41:18 UTC - RP68 - System Checkpoint
52: 2007-08-05 23:16:25 UTC - RP67 - System Checkpoint


-- First Restore Point --
1: 2007-06-08 04:10:07 UTC - RP16 - Software Distribution Service 2.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Lauren Klun.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:04 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\OSD\OSD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Lauren Klun\Desktop\dss.exe
C:\DOCUME~1\LAUREN~1\Desktop\Lauren Klun.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Office-Web Mouse.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181265302758
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181281974523
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.cars.csom.umn.edu/viewer/active...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 10208 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\LAUREN~1\Desktop\backups\) ------------

backup-20070811-180410-397 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 NTPrime - c:\windows\system32\drivers\ntprime.sys <Not Verified; mitac; mitac Script1 Application>

S3 catchme - c:\docume~1\lauren~1\locals~1\temp\catchme.sys (file missing)
S3 HidMouse - c:\windows\system32\drivers\hidmouse.sys <Not Verified; Office HID Mouse; 8 keys Office Mouse>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\onetouch\utils\syncservices.exe" <Not Verified; ; SyncServices>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-08-11 18:11:35 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-06-10 09:26:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-07-30 22:58:40 0 d-------- C:\Program Files\Sun
2007-07-30 22:52:47 0 d-------- C:\Program Files\Java
2007-07-30 22:44:15 0 d-------- C:\Program Files\Common Files\Java
2007-07-29 19:41:44 0 d-------- C:\Program Files\Lavasoft
2007-07-29 19:41:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-29 19:41:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 23:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-07-19 23:49:36 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-19 22:53:02 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Download Manager
2007-07-18 20:24:34 1089536 --a------ C:\WINDOWS\system32\XWheel.dll <Not Verified; ; XWheel Dynamic Link Library>
2007-07-18 20:24:34 524288 --a------ C:\WINDOWS\system32\MousePage.dll <Not Verified; ; MousePage Module>
2007-07-18 20:24:34 110592 --a------ C:\WINDOWS\system32\Hook.dll
2007-07-18 20:24:34 33049 --a------ C:\WINDOWS\system32\drivers\HidMouse.sys <Not Verified; Office HID Mouse; 8 keys Office Mouse>
2007-07-18 20:24:34 0 d-------- C:\Program Files\Keyboard-Mouse-Set
2007-07-15 13:17:18 1343 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache


-- Find3M Report ---------------------------------------------------------------

2007-07-30 22:44:15 0 d-------- C:\Program Files\Common Files
2007-07-29 20:51:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 20:44:43 0 d-------- C:\Program Files\Common Files\aolshare
2007-07-27 00:27:33 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Adobe
2007-07-26 23:52:21 0 d-------- C:\Program Files\Skype
2007-07-19 23:49:56 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-18 20:24:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 15:51:59 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Move Networks
2007-07-09 20:06:06 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Skype
2007-07-09 12:39:45 0 d-------- C:\Program Files\Photodex Presenter
2007-07-09 12:39:44 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Mozilla
2007-07-09 12:39:29 0 d-------- C:\Program Files\Photodex
2007-07-09 12:17:52 0 d-------- C:\Program Files\InterActual
2007-07-09 12:17:26 0 d-------- C:\Program Files\DivX
2007-07-09 12:16:16 0 d-------- C:\Program Files\TUGZip
2007-07-07 20:18:02 0 d-------- C:\Program Files\Picasa2
2007-07-07 20:09:19 0 d-------- C:\Program Files\Google
2007-07-01 19:53:24 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\acccore
2007-07-01 19:52:25 0 d-------- C:\Program Files\AIM6
2007-07-01 19:51:52 0 d-------- C:\Program Files\iTunes
2007-07-01 19:51:26 0 d-------- C:\Program Files\iPod
2007-07-01 19:48:14 0 d-------- C:\Program Files\Common Files\Apple
2007-07-01 19:47:52 0 d-------- C:\Program Files\Common Files\AOL
2007-07-01 19:37:07 0 d-------- C:\Program Files\Apple Software Update
2007-06-24 19:17:32 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\U3
2007-06-23 17:54:23 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Conceptworld
2007-06-23 17:54:16 0 d-------- C:\Program Files\Conceptworld
2007-06-21 13:38:04 0 d-------- C:\Program Files\Microsoft Works
2007-06-21 13:37:51 0 d-------- C:\Program Files\MSBuild
2007-06-21 13:36:35 0 d-------- C:\Program Files\Common Files\ODBC
2007-06-21 13:36:34 0 d-------- C:\Program Files\Microsoft.NET
2007-06-21 11:30:59 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-06-21 11:30:58 0 d-------- C:\Program Files\Cisco Systems
2007-06-17 19:01:58 0 d-------- C:\Program Files\MSN Messenger
2007-06-13 20:34:25 0 d-------- C:\Program Files\ACW
2007-06-12 20:52:27 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\CyberLink
2007-05-31 01:44:55 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2007-05-31 01:44:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 01:44:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2007-05-31 01:44:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 11:23 AM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [07/22/2004 06:38 AM C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/28/2003 08:08 AM]
"OSD"="C:\Program Files\OSD\OSD.EXE" [08/20/2004 08:01 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/10/2004 04:29 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/10/2004 04:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"ares"="C:\Program Files\Ares\Ares.exe" [05/14/2007 05:37 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"QNPlus"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office-Web Mouse.lnk - C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe [7/18/2007 8:24:34 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720250-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720251-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- G:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-08-11 at 18:28:15 ---------







Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 991.48 MiB / 578.59 MiB
Pagefile Memory (total/avail): 2390.21 MiB / 2089.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.6 MiB

C: is Fixed (NTFS) - 66.41 GiB total, 26.56 GiB free.
D: is Fixed (FAT32) - 8.14 GiB total, 4.15 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lauren Klun\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAUREN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lauren Klun
LOGONSERVER=\\LAUREN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp
USERDOMAIN=LAUREN
USERNAME=Lauren Klun
USERPROFILE=C:\Documents and Settings\Lauren Klun
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Lauren Klun (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AAD2762A-69ED-4685-A373-013CC3A16C78}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat 8.1.0 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Digital Editions --> C:\Documents and Settings\Lauren Klun\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions2x0\digitaleditions2x0.exe -uninstall
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems AC'97 Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
FIR Driver Setup program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29E65477-DB43-43D2-88F8-2D50C85727C4}\Setup.exe" -l0x9
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Lauren Klun\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Information about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Maxtor Backup --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9C3F9580-F5CF-4288-894E-9FF0EB24A21C} /l1033
Maxtor Encryption --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD} /l1033
Maxtor OneTouch III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9} /l1033
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Lauren Klun\Application Data\Move Networks\ie_bin\Uninst.exe
Office-Web Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}\Setup.exe"
OSD V1.0.2.4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Your Company Name\OSD\Uninst.isu"
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TUGZip 3.4 --> "C:\Program Files\TUGZip\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936558) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B6B2802B-6631-4EBE-A062-44AE0C1F0BED}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event ID #6615: Warning
Event Submitted/Written: 08/11/2007 06:05:56 PM
Event Source: Userenv
Event Description:
Windows saved user LAUREN\Lauren Klun registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #6614: Warning
Event Submitted/Written: 08/11/2007 06:05:54 PM
Event Source: Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event ID #6597: Success
Event Submitted/Written: 08/11/2007 05:50:23 PM
Event Source: usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event ID #6591: Warning
Event Submitted/Written: 08/10/2007 10:40:27 PM
Event Source: Userenv
Event Description:
Windows saved user LAUREN\Lauren Klun registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #6590: Warning
Event Submitted/Written: 08/10/2007 10:40:26 PM
Event Source: Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #6164: Error
Event Submitted/Written: 08/11/2007 05:58:27 PM
Event Source: DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event ID #6161: Error
Event Submitted/Written: 08/11/2007 05:51:32 PM
Event Source: DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event ID #6158: Warning
Event Submitted/Written: 08/11/2007 05:46:57 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event ID #6096: Warning
Event Submitted/Written: 08/10/2007 02:56:00 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event ID #6080: Warning
Event Submitted/Written: 08/10/2007 10:34:27 AM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-08-11 at 18:28:15 ---------

#7 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 11 August 2007 - 09:22 PM

I deleted a whole bunch of the "quarantined, deckard sys, and APTemp" lines because it was too long.
klun0023

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 11, 2007 8:55:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/08/2007
Kaspersky Anti-Virus database records: 378855
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 88907
Number of viruses found: 2
Number of infected objects: 7858
Number of suspicious objects: 0
Duration of the scan process: 02:08:53

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1A40.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1AD1.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1B66.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1B7D.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1B8.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1BE7.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1C0.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1C1F.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1C7B.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1D0C.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1D90.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1DA1.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1DE6.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1E5A.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1EA2.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1F51.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1FC1.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH1FFA.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH202A.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH2095.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH20DD.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH20E.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH218C.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH2206.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH2251.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH22C1.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH22C6.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWH232C.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFDA1.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFDAB.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFDB7.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFF30.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFF43.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFF7D.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFF8F.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFFD3.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DWHFFF0.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-06102007-211446.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP10.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP100.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP101.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP102.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP103.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP104.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP105.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP106.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP107.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP108.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP109.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP11.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP110.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP111.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP112.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP113.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP114.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP115.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP116.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP117.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP118.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP119.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP12.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP120.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP121.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP122.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP123.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP124.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP125.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP126.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP127.exe Infected: P2P-C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP986.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP987.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP988.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP989.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP99.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP990.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP991.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP992.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP993.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP994.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP995.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP996.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP997.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP998.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP999.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1A91.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1A96.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1E7A.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1E9F.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1EA0.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1EA1.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1EA4.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1ED0.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1ED7.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\APQ1ED8.tmp Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0000.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0001.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0002.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0003.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0004.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0005.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0006.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0007.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0008.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03000010.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B940107.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B940108.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B940109.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B94010A.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B94010B.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B94010C.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B94010D.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B94010E.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B94010F.VBN Infected: P2P-Worm.Win32.Agent.ag skipped
C:\Documents and Settings\Lauren Klun\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Lauren Klun\Application Data\Microsoft\Word\AutoRecovery save of reply.asd Object is locked skipped
C:\Documents and Settings\Lauren Klun\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lauren Klun\Desktop\reply.docx Object is locked skipped
C:\Documents and Settings\Lauren Klun\Desktop\~WRL0003.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\History\History.IE5\MSHist012007081120070812\index.dat Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temp\~DFDBC8.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.Word\~WRF{7D7FF7EB-7A87-4733-85F0-E3747AAD238D}.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.Word\~WRS{0B49B3F4-D452-4D94-BF5C-4E7947C163B8}.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.Word\~WRS{2888911C-18C8-474B-BB69-01BE8DE4F345}.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.Word\~WRS{4743FCFA-4236-4607-8DB6-F3B487FF3101}.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.Word\~WRS{C97A9396-34E0-4D5C-9EFA-76BF780AFC9C}.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\Local Settings\Temporary Internet Files\Content.Word\~WRS{F2D99F3B-00F9-4B7D-BE23-6A8261465326}.tmp Object is locked skipped
C:\Documents and Settings\Lauren Klun\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lauren Klun\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP51\A0010039.exe/Microsoft Money 2007 Deluxe/setup.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP51\A0010039.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP51\A0010160.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018470.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018471.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018472.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018473.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018474.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018475.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018476.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018477.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018478.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018479.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018480.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018481.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018482.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018483.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018484.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018485.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018486.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018487.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018488.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018489.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018490.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018491.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018492.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018493.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018494.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018495.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018496.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018497.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018498.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018499.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018500.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018501.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018502.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018503.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018504.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018505.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018506.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018507.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018508.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018509.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018510.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018511.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018512.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018513.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018514.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018515.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018516.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018517.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018518.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018519.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018520.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018521.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018522.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018523.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018524.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018525.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018526.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018527.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018528.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018529.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018530.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018531.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018532.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018533.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018534.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018535.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018536.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018537.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018538.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018539.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018540.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018541.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018542.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018543.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018544.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018545.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018546.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018547.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018548.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018549.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018550.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018551.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018552.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018553.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018554.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018555.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018556.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018557.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018558.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018559.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018560.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018561.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018562.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018563.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018564.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018565.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018566.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018567.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018568.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018569.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018570.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018571.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018572.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018573.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018574.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018575.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018576.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018577.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018578.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018579.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018580.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018581.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018582.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018583.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018584.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018585.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018586.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018587.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018588.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018589.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018590.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018591.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018592.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018593.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018594.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018595.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018596.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018597.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018598.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018599.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018600.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018601.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018602.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018603.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018604.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018605.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018606.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018607.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018608.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018609.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018610.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018611.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018612.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018613.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018614.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018615.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018616.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018617.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018618.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018619.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018620.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018621.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018622.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018623.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018624.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018625.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018626.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018627.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018628.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018629.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018630.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018631.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018632.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018633.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018634.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018635.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018636.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018637.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018638.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018639.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018640.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018641.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018642.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018643.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018644.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018645.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018646.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018647.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018648.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018649.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018650.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018651.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018652.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018653.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018654.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018655.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018656.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018657.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018658.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018659.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018660.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018661.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018662.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018663.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018664.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018665.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018666.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018667.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018668.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018669.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018670.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018671.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018672.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018673.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018674.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018675.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018676.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018677.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018678.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018679.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018680.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018681.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018682.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018683.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018684.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018685.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018686.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018687.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018688.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018689.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018690.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018691.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018692.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018693.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018694.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018695.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018696.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018697.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018698.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018699.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018700.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018701.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018702.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018703.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018704.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018705.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018706.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018707.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018708.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018709.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018710.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018711.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018712.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018713.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018714.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018715.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018716.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018717.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018718.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018719.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018720.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018721.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018722.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018723.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018724.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018725.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018726.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018727.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018728.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018729.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018730.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018731.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018732.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018733.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018734.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018735.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018736.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018737.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018738.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018739.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018740.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018741.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018742.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018743.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018744.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018745.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018746.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018747.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018748.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018749.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018750.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018751.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018752.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018753.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018754.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018755.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP64\A0019138.exe Infected: P2P-Worm.Win32.Agent.ag skipped
C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP71\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018756.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018757.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018758.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018759.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018760.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018761.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018762.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018763.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018764.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018765.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018766.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018767.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018768.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018769.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018770.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018771.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018772.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018773.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018774.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018775.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018776.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018777.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018778.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018779.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018780.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018781.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018782.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018783.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018784.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018785.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018786.exe Infected: P2P-Worm.Win32.Agent.ag skipped
skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018991.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60\A0018992.exe Infected: P2P-Worm.Win32.Agent.ag skipped
D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP71\change.log Object is locked skipped

Scan process completed.

#8 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 12 August 2007 - 08:40 AM

Hello Klun0023


Would this help prevent the backdoor Trojan or could they still have access to all my passwords and such?

Yes if your anti-virus quarantined the infection this would stop the backdoor trojan.

I am guessing thats where I got the virus but I was wondering if it could have come in from the audio or video files I download.

It's more than likely the infections came bundled with the p2p program, or through any .exe or .zip files you downloaded
from it.



We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.


Please run HijackThis, click "Do a system scan only" and check these entries in bold

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.cars.csom.umn.edu/viewer/active...tivexviewer.cab


Close all windows except for HijackThis and click "Fix checked".



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


I see you have Viewpoint Manager installed on your PC

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.


So in your next reply please post the following : a new DSS log, the Dr. Web Cureit report, and tell me how your PC is running now.

#9 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 12 August 2007 - 09:54 PM

Hello Rorschach

Thank you so much for answering my questions and helping me so much. I did everything you told me in the last post. Here is the dss log and cureit log. My computer is the same but I did notice that when I load google (homepage) it uses the wrong icon up in the address bar of internet explorer. Could that be related? Thank you!!

klun0023

Deckard's System Scanner v20070809.63
Run by Lauren Klun on 2007-08-12 at 21:43:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lauren Klun.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:04 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\OSD\OSD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Lauren Klun\Desktop\dss.exe
C:\DOCUME~1\LAUREN~1\Desktop\Lauren Klun.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Office-Web Mouse.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181265302758
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181281974523
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.cars.csom.umn.edu/viewer/active...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 10208 bytes

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 18:29:04 0 d-------- C:\Documents and Settings\Lauren Klun\DoctorWeb
2007-08-11 18:33:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-11 18:33:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-30 22:58:40 0 d-------- C:\Program Files\Sun
2007-07-30 22:52:47 0 d-------- C:\Program Files\Java
2007-07-30 22:44:15 0 d-------- C:\Program Files\Common Files\Java
2007-07-29 19:41:44 0 d-------- C:\Program Files\Lavasoft
2007-07-29 19:41:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-29 19:41:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 23:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-07-19 22:53:02 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Download Manager
2007-07-18 20:24:34 1089536 --a------ C:\WINDOWS\system32\XWheel.dll <Not Verified; ; XWheel Dynamic Link Library>
2007-07-18 20:24:34 524288 --a------ C:\WINDOWS\system32\MousePage.dll <Not Verified; ; MousePage Module>
2007-07-18 20:24:34 110592 --a------ C:\WINDOWS\system32\Hook.dll
2007-07-18 20:24:34 33049 --a------ C:\WINDOWS\system32\drivers\HidMouse.sys <Not Verified; Office HID Mouse; 8 keys Office Mouse>
2007-07-18 20:24:34 0 d-------- C:\Program Files\Keyboard-Mouse-Set
2007-07-15 13:17:18 1343 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache


-- Find3M Report ---------------------------------------------------------------

2007-08-12 18:36:27 0 d-------- C:\Program Files\Common Files\Real
2007-08-12 18:26:31 0 d-------- C:\Program Files\Common Files
2007-07-29 20:51:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 20:44:43 0 d-------- C:\Program Files\Common Files\aolshare
2007-07-27 00:27:33 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Adobe
2007-07-26 23:52:21 0 d-------- C:\Program Files\Skype
2007-07-19 23:49:56 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-18 20:24:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 15:51:59 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Move Networks
2007-07-09 20:06:06 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Skype
2007-07-09 12:39:45 0 d-------- C:\Program Files\Photodex Presenter
2007-07-09 12:39:44 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Mozilla
2007-07-09 12:39:29 0 d-------- C:\Program Files\Photodex
2007-07-09 12:17:52 0 d-------- C:\Program Files\InterActual
2007-07-09 12:17:26 0 d-------- C:\Program Files\DivX
2007-07-09 12:16:16 0 d-------- C:\Program Files\TUGZip
2007-07-07 20:18:02 0 d-------- C:\Program Files\Picasa2
2007-07-07 20:09:19 0 d-------- C:\Program Files\Google
2007-07-01 19:53:24 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\acccore
2007-07-01 19:52:25 0 d-------- C:\Program Files\AIM6
2007-07-01 19:51:52 0 d-------- C:\Program Files\iTunes
2007-07-01 19:51:26 0 d-------- C:\Program Files\iPod
2007-07-01 19:48:14 0 d-------- C:\Program Files\Common Files\Apple
2007-07-01 19:47:52 0 d-------- C:\Program Files\Common Files\AOL
2007-07-01 19:37:07 0 d-------- C:\Program Files\Apple Software Update
2007-06-24 19:17:32 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\U3
2007-06-23 17:54:23 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Conceptworld
2007-06-23 17:54:16 0 d-------- C:\Program Files\Conceptworld
2007-06-21 13:38:04 0 d-------- C:\Program Files\Microsoft Works
2007-06-21 13:37:51 0 d-------- C:\Program Files\MSBuild
2007-06-21 13:36:35 0 d-------- C:\Program Files\Common Files\ODBC
2007-06-21 13:36:34 0 d-------- C:\Program Files\Microsoft.NET
2007-06-21 11:30:59 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-06-21 11:30:58 0 d-------- C:\Program Files\Cisco Systems
2007-06-17 19:01:58 0 d-------- C:\Program Files\MSN Messenger
2007-06-13 20:34:25 0 d-------- C:\Program Files\ACW
2007-06-12 20:52:27 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\CyberLink
2007-05-31 01:44:55 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2007-05-31 01:44:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 01:44:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2007-05-31 01:44:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 11:23 AM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [07/22/2004 06:38 AM C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/28/2003 08:08 AM]
"OSD"="C:\Program Files\OSD\OSD.EXE" [08/20/2004 08:01 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/10/2004 04:29 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/10/2004 04:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"ares"="C:\Program Files\Ares\Ares.exe" [05/14/2007 05:37 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"QNPlus"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office-Web Mouse.lnk - C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe [7/18/2007 8:24:34 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720250-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720251-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- G:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-08-12 at 21:44:59 ---------

DWH1A40.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1AD1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1B66.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1B7D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1B8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1BE7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1C0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1C1F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1C7B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1D0C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1D90.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1DA1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1DE6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1E5A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1EA2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1F51.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1FC1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH1FFA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH202A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2095.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH20DD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH20E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH218C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2206.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2251.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH22C1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH22C6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH232C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH23B3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH244B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH245A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH249.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2515.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2538.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2567.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH260C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2663.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2685.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH275A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2787.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH27AB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH283C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2875.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH28B6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2994.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH29DC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH29F4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2A7E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2A8B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2AE7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2BCF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2C03.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2C91.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2CB2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2D2C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2E14.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2E3E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2E90.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2EE3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2F85.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH2FF0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3059.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH306F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH307.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH30A2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3114.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH31C0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH323F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH329F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH32A1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH32A8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3344.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH338.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH33F0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH347A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH34AA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH34C6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH34F7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH357F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3621.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH36A0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH36BD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH36ED.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH374F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3792.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3866.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH38DA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3914.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3935.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3976.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH39C3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3AA1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3AF6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3B4F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3BA7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3BAC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3C1C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3C2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3CDC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3CF5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3D75.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3DD8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3E4B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3E75.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3EFE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3F21.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3FBA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH3FD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH401D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH40B9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH40F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH40F4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4107.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4151.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH41E1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4243.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH42F4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4305.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH435.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4375.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH438C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4412.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH447E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4504.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4539.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH457E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH45BD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4643.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH46B9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4703.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4774.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH477D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4802.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4873.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4908.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH490B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH497B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH49B9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4A51.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4A9A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4B14.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4B2F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4B5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4B7A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4BE9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4C81.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4CC1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4D1D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4D83.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4D92.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4E38.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4EB2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4EE8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4F26.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4F8C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH4FE0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5087.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH50ED.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH510F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH512E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5180.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5225.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH52C2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5332.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5341.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5353.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH537.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5389.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5456.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH54F3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH554A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH556D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5570.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH557E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5691.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH56A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH572E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5753.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5791.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH57AB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH57BC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH58E0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5951.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5968.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5999.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH59DC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5A0A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5B25.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5B64.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5B8E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5BB7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5C17.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5C4F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5D63.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5D69.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5D97.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5DFC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5E5C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5E94.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5F76.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5F96.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5FA4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH5FD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH604B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6082.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH60B1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH617E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6194.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH61DF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH622.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH623.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6290.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH62BD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH62D8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH637D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6393.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH642E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH64DF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH64EE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH64FE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6592.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH659A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6673.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH671F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH672E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH672F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH67A5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH67AD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH684.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH68B8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6956.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH696E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6972.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH69B7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH69C0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6AFC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6B7D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6B9E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6BAD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6BCA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6BDC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6D41.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6DB8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6DD4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6DD9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6DDD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6E0D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6F9A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6FA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6FE6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6FE8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH6FF6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7016.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7023.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH71DF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH71E4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7213.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7237.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH723D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH724A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH73E3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7406.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7426.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH744F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7468.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH747A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH753.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH75E2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7641.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7656.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7662.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH76BF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH76CB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH77E0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7867.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7873.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7875.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH78F0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7910.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH79DF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7A7E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7A90.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7AA2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7B2B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7B41.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7BDE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7C7C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7CAD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7CBF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7D48.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7D7B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7DDD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7E8F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7EF2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7EFA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7F5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7F8C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7FC0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH7FDB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8098.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8135.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8140.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH81C7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH81E4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH81F1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH824.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH82AB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH837B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8383.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH83F7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8420.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8440.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH84A9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH854.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH85AA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH85C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH85C0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH85F6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH865B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH867B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH86BC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH87C7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH87EA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8819.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH88A0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH88C5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH88D4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH89F8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8A07.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8A68.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8AEC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8AEF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8B18.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8B5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8B5D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8BFC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8C33.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8CB7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8CF4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8D3E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8D53.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8E05.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8E59.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8EE7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8EFD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8F84.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8F8C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH8FF9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9094.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH90A5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH911A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9136.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH91C7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH91D3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH920C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH92D9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9323.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9371.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9376.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9402.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9404.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9415.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9514.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH952.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9521.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH953.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9589.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH95C0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9628.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9635.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH965B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH972A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH973B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9774.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH97FB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9830.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH986F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH988C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9933.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9958.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH997D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9A25.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9A36.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9ABC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9ABE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9B50.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9B71.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9B92.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9C2E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9C7A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9CF9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9D0B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9D66.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9D6D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9DC3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9E2D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9EBF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9F34.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9F46.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9F65.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9F9D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWH9FEA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA021.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA104.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA16E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA177.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA18D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA1E2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA21B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA220.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA335.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA376.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA3B2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA3DC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA3FF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA415.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA44C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA55.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA566.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA57F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA58.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA5E3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA60C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA612.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA646.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA686.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA788.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA7A1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA81A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA827.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA83.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA847.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA858.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA8B7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA8F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA99B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHA9D1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAA2D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAA61.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAA76.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAA8C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAAFC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHABB7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAC02.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAC4A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAC6A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHACB1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHACBD.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAD23.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHADDE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAE33.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAE69.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAE71.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAEEE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAEF6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAF68.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHAFA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB019.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB067.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB078.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB07A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB133.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB14F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB1C0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB22C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB266.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB29F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB2A0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB363.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB39E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB3E7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB467.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB479.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB4ED.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB4EF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB59E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB5B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB601.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB636.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB678.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB697.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB72A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB732.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB7C5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB871.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB876.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB8AA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB8BE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB95B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHB977.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBA0A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBA7F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBAB6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBAD1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBAF8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBB8C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBBC6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBC45.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBC88.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBCDA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBCF1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBD51.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBDDA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBDE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBE01.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBE75.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBE86.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBF2B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBF51.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHBF8C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC015.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC05A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC08F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC0C4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC177.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC1AC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC1DB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC250.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC27A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC28A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC2E1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC394.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC3F1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC434.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC481.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC483.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC4D9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC51C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC5BB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC640.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC68B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC68D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC702.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC732.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC757.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC7D8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC871.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC89E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC8D1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC933.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC977.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC9B0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHC9EA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCA89.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCAA2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCB34.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCB4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCB6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCB63.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCBC6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCC1B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCC4F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCC92.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCCD2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCD83.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCD9E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCE0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCE01.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCE24.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCE3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCE7F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCE86.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCEF9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCFCF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHCFDC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD02D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD05A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD099.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD0A6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD134.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD214.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD235.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD240.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD294.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD2A2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD2E1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD365.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD3E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD445.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD45C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD47A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD497.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD4D9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD51C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD58C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD64.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD679.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD68A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD69F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD6BF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD73C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD74D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD7D1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD896.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD8B0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD8B2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD917.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD97D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD98B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHD9ED.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDA9D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDAB3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDAE1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDB66.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDBCC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDBD0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDC0A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDCA6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDCD9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDD1C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDDB5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDE07.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDE0B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDE31.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDEAE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDF57.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHDFFA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE03B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE056.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE0BC.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE0C1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE0F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE19C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE23F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE262.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE2A5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE2D4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE2ED.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE38A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE3E0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE484.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE493.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE4D3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE4E0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE531.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE601.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE64D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE6BE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE6CE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE6D1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE724.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE762.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE81E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE87E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE8DA.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE909.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE917.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE969.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHE993.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEA4E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEAAF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEAED.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEB43.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEB52.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEBA4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEBB0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEC6B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHECF4.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHED00.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHED1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHED6A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHED97.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEDF3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEDF5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEE9C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEF1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEF1B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEF1C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEF9B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHEFF0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF039.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF042.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF0A5.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF10.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF11B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF15F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF1C2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF249.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF274.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF287.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF2B7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF31A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF3C2.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF407.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF48E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF4AF.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF4C1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF4DE.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF50.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF50F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF611.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF69C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF6C8.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF6D6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF705.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF70D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF71A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF76.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF86A.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF8D6.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF907.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF90C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF90D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF90E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHF94B.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFA1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFAB9.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFB11.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFB15.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFB35.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFB38.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFB5C.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFB90.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFD08.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFD28.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFD42.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFD5E.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFDA1.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFDAB.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFDB7.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFF30.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFF43.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFF7D.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFF8F.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFFD3.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
DWHFFF0.tmp;C:\Deckard\System Scanner\backup\WINDOWS\temp;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;;
APQ1A91.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1A96.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1E7A.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1E9F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1EA0.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1EA1.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1EA4.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1ED0.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1ED7.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
APQ1ED8.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp;Probably BACKDOOR.Trojan;;
A0010160.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP51;Trojan.MulDrop.5074;Deleted.;
A0018493.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018494.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018495.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018496.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018497.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018498.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018499.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018500.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018501.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018502.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018503.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018504.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018505.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018506.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018507.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018508.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018509.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018510.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018511.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018512.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018513.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018514.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018515.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018516.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018517.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018518.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018519.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018520.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018521.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018522.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018523.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018524.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018525.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018526.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018527.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018528.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018529.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018530.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018531.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018532.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018533.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018534.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018535.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018536.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018537.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018538.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018539.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018540.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018541.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018542.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018543.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018544.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018545.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018546.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018547.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018548.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018549.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018550.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018551.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018552.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018553.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018554.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018555.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018556.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018557.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018558.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018559.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018560.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018561.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018562.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018563.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018564.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018565.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018566.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018567.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018568.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018569.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018570.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018571.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018572.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018573.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018574.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018575.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018576.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018577.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018578.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018579.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018580.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018581.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018582.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018583.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018584.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018585.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018586.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018587.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018588.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018589.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018590.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018591.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018592.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018593.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018594.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018595.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018596.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018597.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018598.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018599.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018600.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018601.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018602.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018603.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018604.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018605.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018606.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018607.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018608.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018609.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018610.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018611.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018612.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018613.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018614.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018615.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018616.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018617.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018618.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018619.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018620.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018621.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018622.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018623.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018624.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018625.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018626.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018627.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018628.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018629.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018630.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018631.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018632.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018633.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018634.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018635.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018636.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018637.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018638.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018639.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018640.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018641.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018642.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018643.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018644.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018645.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018646.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018647.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018648.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018649.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018650.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018651.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018652.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018653.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018654.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018655.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018656.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018657.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018658.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018659.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018660.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018661.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018662.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018663.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018664.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018665.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018666.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018667.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018668.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018669.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018670.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018671.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018672.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018673.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018674.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018675.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018676.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018677.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018678.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018679.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018680.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018681.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018682.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018683.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018684.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018685.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018686.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018687.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018688.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018689.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018690.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018691.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018692.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018693.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018694.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018695.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018696.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018697.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018698.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018699.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018700.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018701.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018702.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018703.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018704.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018705.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018706.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018707.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018708.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018709.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018710.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018711.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018712.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018713.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018714.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018715.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018716.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018717.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018718.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018719.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018720.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018721.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018722.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018723.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018724.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018725.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018726.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018727.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018728.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018729.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018730.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018731.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018732.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018733.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018734.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018735.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018736.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018737.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018738.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018739.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018740.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018741.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018742.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018743.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018744.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018745.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018746.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018747.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018748.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018749.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018750.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018751.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018752.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018753.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018754.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018755.exe;C:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018756.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018757.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018758.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018759.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018760.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018761.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018762.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018763.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018764.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018765.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018766.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018767.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018768.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018769.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018770.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018771.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018772.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018773.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018774.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018775.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018776.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018777.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018778.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018779.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018780.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018781.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018782.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018783.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018784.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018785.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018786.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018787.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018788.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018789.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018790.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018791.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018792.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018793.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018794.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018795.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018796.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018797.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018798.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018799.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018800.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018801.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018802.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018803.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018804.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018805.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018806.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018807.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018808.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018809.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018810.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018811.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018812.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018813.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018814.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018815.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018816.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018817.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018818.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018819.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018820.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018821.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018822.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018823.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018824.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018825.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018826.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018827.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018828.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018829.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018830.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018831.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018832.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018833.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018834.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018835.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018836.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018837.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018838.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018839.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018840.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018841.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018842.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018843.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018844.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018845.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018846.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018847.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018848.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018849.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018850.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018851.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018852.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018853.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018854.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018855.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018856.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018857.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018858.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018859.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018860.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018861.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018862.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018863.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018864.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018865.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018866.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018867.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018868.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018869.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018870.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018871.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018872.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018873.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018874.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018875.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018876.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018877.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018878.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018879.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018880.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018881.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018882.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018883.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018884.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018885.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018886.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018887.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018888.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018889.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018890.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018891.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018892.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018893.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018894.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018895.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018896.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018897.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018898.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018899.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018900.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018901.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018902.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018903.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018904.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018905.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018906.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018907.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018908.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018909.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018910.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018911.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018912.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018913.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018914.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018915.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018916.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018917.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018918.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018919.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018920.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018921.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018922.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018923.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018924.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018925.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018926.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018927.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018928.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018929.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018930.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018931.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018932.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018933.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018934.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018935.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018936.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018937.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018938.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018939.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018940.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018941.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018942.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018943.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018944.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018945.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018946.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018947.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018948.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018949.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018950.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018951.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018952.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018953.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018954.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018955.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018956.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018957.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018958.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018959.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018960.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018961.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018962.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018963.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018964.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018965.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018966.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018967.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018968.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018969.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018970.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018971.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018972.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018973.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018974.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018975.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018976.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018977.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018978.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018979.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018980.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018981.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018982.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018983.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018984.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018985.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018986.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018987.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018988.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018989.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018990.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018991.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;
A0018992.exe;D:\System Volume Information\_restore{422F0977-CF31-4FD1-B3CB-D69232D83BEE}\RP60;Probably BACKDOOR.Trojan;;

#10 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 13 August 2007 - 09:49 AM

Hello Klun0023


when I load google (homepage) it uses the wrong icon up in the address bar of internet explorer.

What is the icon there look like? If possible could you take a screenshot and post it here for me to see.


Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


So in your next reply please post the following : the BitDefender results, the GMER results, and tell me how your PC is running now.

#11 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 13 August 2007 - 10:52 PM

Hi Rorschach,

Here are the reports. I save the bitdefender one in txt but I think it should have been done in html. Anyway, here is a piece of it becasue it deleted around 11,000 files and it was too long again. Most of the lines were pretty much the same thing as below.

My computer is running the same, programs load a bit slowly when you first open it even though I have 1GB of RAM. I use iGoggle but the icon that comes up in the address bar is for facebook.com. I have no clue why it would do that. Thank you very much!!

klun0023

------Bitdefender----


<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002E8.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002E9.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002E9.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002E9.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EA.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EA.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EA.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EB.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EB.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EB.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EC.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EC.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EC.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002ED.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002ED.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002ED.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EE.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EE.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EE.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EF.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EF.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002EF.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F0.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F0.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F0.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F1.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F1.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F1.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F2.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F2.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F2.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F3.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F3.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F3.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F4.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F4.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F4.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F5.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F5.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F5.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\030002F6.VBN=>(Quarantine-PE)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Worm.P2P.AC</font></p>
</td>
</tr><tr>











GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-13 22:31:34
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A0277 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A01F8 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A023C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A0184 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A01BE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A02B2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1048] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F3164E C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [EDCD6C90] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [EDCD6FA0] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [F7075DD0] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [F7075DD0] SynTP.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [EDCD6C90] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [EDCD6FA0] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [EDCD6F00] SYMEVENT.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [EDCD6F00] SYMEVENT.SYS

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Lauren Klun\Local Settings\Application Data\Microsoft\Messenger\kellyklun@hotmail.com\SharingMetadata\dandoosha75@hotmail.com\DFSR\Staging\CS{8CAFC6C9-6B74-6864-A88B-5A2B71DDDBDC}\01\10-{8CAFC6C9-6B74-6864-A88B-5A2B71DDDBDC}-v1-{B9392BF1-396D-432B-BFCD-7113D05A063A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.13 ----

#12 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 14 August 2007 - 10:16 AM

Hello Klun0023


Please go to Start > Run > copy and paste this C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp > Click ok > click edit > select all > hit the delete button



Next download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

So in your next reply please post the following : the AVG Anti-Spyware report, a new DSS log, and tell me how your PC is running now and if you had any problems.

#13 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 14 August 2007 - 10:20 PM

Hi,

I did the scan in safe mode but wasn't able to save it right. It just deleted a bunch of cookies. I did a fast scan in normal mode but it didn't find anything. sorry about that. Computer is running good, a bit faster I think.

thanks!
klun0023



Deckard's System Scanner v20070809.63
Run by Lauren Klun on 2007-08-14 at 21:47:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lauren Klun.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:38 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\OSD\OSD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe
C:\Documents and Settings\Lauren Klun\Desktop\VIRUS CLEANUP\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\LAUREN~1\Desktop\Lauren Klun.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Office-Web Mouse.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181265302758
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181281974523
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.cars.csom.umn.edu/viewer/active...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 9172 bytes

-- Files created between 2007-07-14 and 2007-08-14 -----------------------------

2007-08-14 16:11:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-13 17:56:59 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-12 18:29:04 0 d-------- C:\Documents and Settings\Lauren Klun\DoctorWeb
2007-08-11 18:33:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-11 18:33:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-30 22:58:40 0 d-------- C:\Program Files\Sun
2007-07-30 22:52:47 0 d-------- C:\Program Files\Java
2007-07-30 22:44:15 0 d-------- C:\Program Files\Common Files\Java
2007-07-29 19:41:44 0 d-------- C:\Program Files\Lavasoft
2007-07-29 19:41:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-29 19:41:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 23:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-07-19 22:53:02 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Download Manager
2007-07-18 20:24:34 1089536 --a------ C:\WINDOWS\system32\XWheel.dll <Not Verified; ; XWheel Dynamic Link Library>
2007-07-18 20:24:34 524288 --a------ C:\WINDOWS\system32\MousePage.dll <Not Verified; ; MousePage Module>
2007-07-18 20:24:34 110592 --a------ C:\WINDOWS\system32\Hook.dll
2007-07-18 20:24:34 33049 --a------ C:\WINDOWS\system32\drivers\HidMouse.sys <Not Verified; Office HID Mouse; 8 keys Office Mouse>
2007-07-18 20:24:34 0 d-------- C:\Program Files\Keyboard-Mouse-Set
2007-07-15 13:17:18 1343 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache


-- Find3M Report ---------------------------------------------------------------

2007-08-12 18:36:27 0 d-------- C:\Program Files\Common Files\Real
2007-08-12 18:26:31 0 d-------- C:\Program Files\Common Files
2007-07-29 20:51:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 20:44:43 0 d-------- C:\Program Files\Common Files\aolshare
2007-07-27 00:27:33 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Adobe
2007-07-26 23:52:21 0 d-------- C:\Program Files\Skype
2007-07-19 23:49:56 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-18 20:24:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 15:51:59 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Move Networks
2007-07-09 20:06:06 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Skype
2007-07-09 12:39:45 0 d-------- C:\Program Files\Photodex Presenter
2007-07-09 12:39:44 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Mozilla
2007-07-09 12:39:29 0 d-------- C:\Program Files\Photodex
2007-07-09 12:17:52 0 d-------- C:\Program Files\InterActual
2007-07-09 12:17:26 0 d-------- C:\Program Files\DivX
2007-07-09 12:16:16 0 d-------- C:\Program Files\TUGZip
2007-07-07 20:18:02 0 d-------- C:\Program Files\Picasa2
2007-07-07 20:09:19 0 d-------- C:\Program Files\Google
2007-07-01 19:53:24 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\acccore
2007-07-01 19:52:25 0 d-------- C:\Program Files\AIM6
2007-07-01 19:51:52 0 d-------- C:\Program Files\iTunes
2007-07-01 19:51:26 0 d-------- C:\Program Files\iPod
2007-07-01 19:48:14 0 d-------- C:\Program Files\Common Files\Apple
2007-07-01 19:47:52 0 d-------- C:\Program Files\Common Files\AOL
2007-07-01 19:37:07 0 d-------- C:\Program Files\Apple Software Update
2007-06-24 19:17:32 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\U3
2007-06-23 17:54:23 0 d-------- C:\Documents and Settings\Lauren Klun\Application Data\Conceptworld
2007-06-23 17:54:16 0 d-------- C:\Program Files\Conceptworld
2007-06-21 13:38:04 0 d-------- C:\Program Files\Microsoft Works
2007-06-21 13:37:51 0 d-------- C:\Program Files\MSBuild
2007-06-21 13:36:35 0 d-------- C:\Program Files\Common Files\ODBC
2007-06-21 13:36:34 0 d-------- C:\Program Files\Microsoft.NET
2007-06-21 11:30:59 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-06-21 11:30:58 0 d-------- C:\Program Files\Cisco Systems
2007-06-17 19:01:58 0 d-------- C:\Program Files\MSN Messenger
2007-05-31 01:44:55 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2007-05-31 01:44:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 01:44:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2007-05-31 01:44:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 11:23 AM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [07/22/2004 06:38 AM C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/28/2003 08:08 AM]
"OSD"="C:\Program Files\OSD\OSD.EXE" [08/20/2004 08:01 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/10/2004 04:29 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/10/2004 04:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [08/14/2007 03:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"ares"="C:\Program Files\Ares\Ares.exe" [05/14/2007 05:37 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"QNPlus"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office-Web Mouse.lnk - C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe [7/18/2007 8:24:34 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lauren Klun^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Lauren Klun\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720250-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6720251-2278-11dc-8446-0040d0700d4f}]
AutoRun\command- G:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-08-14 at 21:48:50 ---------

#14 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 15 August 2007 - 07:26 AM

Hello Klun0023, your logs are looking good! We need to do a few little things.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Next :

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders in bold (if present):

C:\Deckard




To re-enable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Check "Turn on real-time protection (recommended)


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Kleins article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#15 klun0023

klun0023
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 19 August 2007 - 06:56 PM

Dear Rorschach,

I just wanted to thank you so much for helping me with this virus. I would have never figured it out without you. My computer is running great now and I downloaded all the stuff you told me to help prevent new stuff. Thanks again!!

klun0023




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users