
From Internet Speed Monitor


31 replies to this topic

#1 Gold Dragon


Posted 22 December 2007 - 11:11 PM

I get IE (which I actually don't use, but don't know how to uninstall the browser) popping up with that as page title as Internet Speed monitor, and it basically takes over my computer.

Already damaged trying to remove:

Virus Scanner (Symantec Antivirus auto-protect features won't load, and it isn't letting me scan atm.)
At bootup, Windows says it can't find some disk, which I suspect is a WinXP Pro Disk...
Desktop background image reset

The first two came up after trying to run Ad-aware and Spybot S&D in Safe mode, and the third after restarting when McAfee Stinger finished.

Results from following prep guide:
Ran Ad-Aware 5 times (including the safe mode attempt), fifth time showed no infections...
Ran Spybot 3 times (including the safe mode attempt, which was done at the same time as the Ad-aware) final run had no infections found...

One of the infections that showed twice that I remember was Virtumonde

Virus scans: Usually run to scan entire computer, all files scanned, and zipped files to the 10th level

For the past week, 1 manual and several automatic scans showed viruses : jvmimpro.jar vmain.class Downloader

I traced this to a Java Installation, which as often as it popped up, I just simply uninstalled. At this point, it slowed from about every 2 minutes to every five.

Housecall AV: Wants me to re-install Java, which the AV stated was the cause of all this.... I skipped this step, and the last time I tried one of these, it caused even MORE trouble than it tried to solve (which it didn't) and wanted me to PAY for it. I seldom trust these sites.

Stinger: Came up empty.

I use whatever Firewall that came with WinXP. I just checked, and it is active.

I last used Windows Update in Mid-November. I tend to check once a month. I haven't done so yet this month, as it is the last step I do when system-checking (Virus scans, Disk defrag, etc...)

Hijackthis log attached.

I use Symantec AV, Windows XP pro with SP2.

As I typed this, a little yellow caution sign with an ! in it started popping up in the Taskbar.



#2 Buckeye_Sam


Posted 23 December 2007 - 08:29 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Gold Dragon


Posted 23 December 2007 - 09:56 PM

Everything seems to be running normally, I think..

Here's the log.

EDIT: I can't remove or edit Symantec AV. It keeps getting Fatal Errors. How can I fix this? It's also saying that Auto-protect is disabled....

Edited by Gold Dragon, 23 December 2007 - 10:54 PM.


#4 Buckeye_Sam


Posted 24 December 2007 - 09:11 AM

ComboFix 07-12-21.4 - Michael 2007-12-23 19:35:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2557 [GMT -7:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Michael\Application Data\macromedia\Flash Player\#SharedObjects\B78TZPZP\www.broadcaster.com
C:\Documents and Settings\Michael\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Michael\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Michael\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Michael\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Michael\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\asembl~1
C:\WINDOWS\asembl~1\a?sembly\
C:\WINDOWS\asembl~1\ping .exe
C:\WINDOWS\asembl~1\ping.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\egmulhxk.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fccyyaw.dll
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\?poolsv.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wtscc.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\windows\xpupdate.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-23 19:46 . 2007-12-23 19:46 340,480 --------- C:\WINDOWS\system32\vtsts.dll
2007-12-22 22:29 . 2007-12-22 22:29 344,064 --a------ C:\WINDOWS\system32\RCX72.tmp
2007-12-22 22:25 . 2007-12-22 22:25 344,064 --a------ C:\WINDOWS\system32\RCX62.tmp
2007-12-22 21:55 . 2007-12-22 22:48 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-22 21:33 . 2007-12-22 21:33 344,064 --a------ C:\WINDOWS\system32\RCX58.tmp
2007-12-22 21:17 . 2007-12-22 21:17 344,064 --a------ C:\WINDOWS\system32\RCX51.tmp
2007-12-22 20:45 . 2007-12-22 20:45 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-22 20:44 . 2007-12-22 20:44 8,711 --a------ C:\info.exe
2007-12-22 20:30 . 2007-12-22 20:30 344,064 --a------ C:\WINDOWS\system32\RCX46.tmp
2007-12-22 20:30 . 2007-12-22 21:17 30,168 --a------ C:\WINDOWS\xpupdate .exe
2007-12-22 19:30 . 2007-12-22 19:30 1,283,174 --a------ C:\Install
2007-12-22 19:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 19:28 . 2007-12-22 19:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-22 19:02 . 2007-12-22 19:02 344,064 --a------ C:\WINDOWS\system32\RCX44.tmp
2007-12-22 17:37 . 2007-12-22 17:37 344,064 --a------ C:\WINDOWS\system32\RCX43.tmp
2007-12-22 15:58 . 2007-12-23 19:26 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 14:58 . 2007-12-22 14:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-22 14:51 . 2007-12-23 19:46 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-22 11:59 . 2007-12-23 19:46 344,064 --a------ C:\WINDOWS\system32\vtsts.exe
2007-12-19 00:58 . 2007-12-22 20:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 00:58 . 2007-12-19 00:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-11 12:46 . 2007-12-11 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 12:46 . 2007-12-11 12:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 12:46 . 2007-12-11 12:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 12:45 . 2007-12-11 12:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 12:45 . 2007-12-11 12:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 12:43 . 2007-12-11 12:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-05 19:36 . 2004-03-08 21:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.ocx
2007-11-28 13:32 . 2007-11-28 13:32 <DIR> d-------- C:\Program Files\Macrovision Corporation
2007-11-28 13:32 . 2007-11-28 13:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 02:46 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-24 02:46 --------- d-----w C:\Program Files\QuickTime
2007-12-24 02:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-24 02:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-23 02:29 --------- d-----w C:\Program Files\Java
2007-12-22 02:18 --------- d-----w C:\Documents and Settings\Michael\Application Data\ZipGenius
2007-12-20 21:46 --------- d-----w C:\Documents and Settings\Michael\Application Data\Azureus
2007-12-20 20:55 --------- d-----w C:\Program Files\DivX
2007-12-11 02:11 --------- d-----w C:\Program Files\Azureus
2007-12-06 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 02:29 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-11-12 02:28 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-07 08:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-02 03:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\ATI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB1F22D8-35C7-414C-BD53-8AEACCB0E0D7}]
2007-12-23 19:46 340480 --------- C:\WINDOWS\system32\vtsts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
2007-11-08 01:51 406840 --a------ C:\Program Files\SmartFTP Client 2.0\sfShellTools.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-23 19:35]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather .exe" [2007-12-23 19:46]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2007-12-23 19:36]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2007-12-23 19:36]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-23 19:36]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-23 19:36]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-23 19:36]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2007-12-23 19:36]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2007-12-23 19:36]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2007-12-23 19:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-23 19:46]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2007-12-23 19:36]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2007-12-23 19:36]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-23 19:46]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2007-12-23 19:46]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-12-23 19:46]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-12-23 19:46]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2007-12-23 19:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-07 13:51:07]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtsts.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsts

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe


.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 19:47:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ststv.ini 391 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtsts.dll
.
Completion time: 2007-12-23 19:48:49 - machine was rebooted


========================================================

#5 Buckeye_Sam


Posted 24 December 2007 - 09:23 AM

Going forward if you would please copy the text from the logs and paste it directly into your replies, it makes it much easier to review.

We'll come back to Symantec. You've still got plenty of malware that shows up in your log.


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, to your desktop.


File::
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\RCX72.tmp
C:\WINDOWS\system32\RCX62.tmp
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\system32\RCX58.tmp
C:\WINDOWS\system32\RCX51.tmp
C:\WINDOWS\system32\jpewocmz.ini
C:\info.exe
C:\WINDOWS\system32\RCX46.tmp
C:\WINDOWS\xpupdate .exe
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX43.tmp
C:\WINDOWS\system32\vtsts.exe

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


===============


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



========================================================
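Added example, not part of either poster's replies and not ComboFix's own logic: a Python triage pass over the two sections of the ComboFix log in post #4 from which the CFScript entries above were drawn ("Files Created" and the Run values under "Reg Loading Points"). The three checks (whitespace before the extension, several new files sharing one size, autostart values with an empty timestamp) are heuristics assumed here for illustration, and the embedded lines are a subset copied from that log.

```python
import re
from collections import defaultdict

# Subset of "Files Created" lines copied from the ComboFix log in post #4.
FILES_CREATED = r"""
2007-12-23 19:46 . 2007-12-23 19:46 340,480 --------- C:\WINDOWS\system32\vtsts.dll
2007-12-22 22:29 . 2007-12-22 22:29 344,064 --a------ C:\WINDOWS\system32\RCX72.tmp
2007-12-22 21:55 . 2007-12-22 22:48 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-22 20:30 . 2007-12-22 21:17 30,168 --a------ C:\WINDOWS\xpupdate .exe
2007-12-22 19:28 . 2007-12-22 19:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-22 17:37 . 2007-12-22 17:37 344,064 --a------ C:\WINDOWS\system32\RCX43.tmp
2007-12-22 15:58 . 2007-12-23 19:26 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 14:51 . 2007-12-23 19:46 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-22 11:59 . 2007-12-23 19:46 344,064 --a------ C:\WINDOWS\system32\vtsts.exe
2007-12-11 12:46 . 2007-12-11 12:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
"""

# Subset of Run values copied from the "Reg Loading Points" section of the same log.
RUN_VALUES = r"""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather .exe" [2007-12-23 19:46]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-23 19:46]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-12-23 19:46]
"""

# created . modified  size-or-<DIR>  9-char attribute field  path (may contain spaces)
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(<DIR>|[\d,]+) (\S{9}) (.+)$"
)
# "ValueName"="target path" [file timestamp, empty in this log for missing targets]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]*)\]')
# Heuristic (assumption): whitespace directly before the final extension.
PADDED_RE = re.compile(r"\s\.[^.\\\s]+$")


def parse_files_created(text):
    """Return one dict per 'Files Created' line; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "modified": modified,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def parse_run_values(text):
    """Return name, target and timestamp for each Run value line."""
    values = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            name, target, stamp = m.groups()
            values.append({"name": name, "target": target, "stamp": stamp.strip()})
    return values


def padded_names(paths):
    """Paths such as 'xpupdate .exe' that sit beside a normally named twin."""
    return [p for p in paths if PADDED_RE.search(p)]


def size_clusters(entries, min_files=2):
    """Group new files by byte size; identical sizes suggest copies of one binary."""
    by_size = defaultdict(list)
    for e in entries:
        if e["size"] is not None:
            by_size[e["size"]].append(e["path"])
    return {s: sorted(p) for s, p in by_size.items() if len(p) >= min_files}


def dangling_autoruns(run_values):
    """Run values whose target has no timestamp, i.e. the autostart outlived the file."""
    return [r["name"] for r in run_values if not r["stamp"]]


def triage(files_text, run_text):
    entries = parse_files_created(files_text)
    runs = parse_run_values(run_text)
    return {
        "padded_files": padded_names(e["path"] for e in entries),
        "padded_autoruns": padded_names(r["target"] for r in runs),
        "size_clusters": size_clusters(entries),
        "dangling_autoruns": dangling_autoruns(runs),
    }


if __name__ == "__main__":
    for check, hits in triage(FILES_CREATED, RUN_VALUES).items():
        print(check, "->", hits)
```

A hit from any of these checks is a reason to review the file, not a verdict on it; the size cluster here groups the RCX*.tmp files with vtsts.exe, which are among the entries listed in the CFScript.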

#6 Gold Dragon


Posted 25 December 2007 - 08:35 PM

Superantispyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/24/2007 at 05:11 PM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 03:30:39

Memory items scanned : 442
Memory threats detected : 1
Registry items scanned : 6060
Registry threats detected : 6
File items scanned : 203274
File threats detected : 81

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\VTSTS.DLL
C:\WINDOWS\SYSTEM32\VTSTS.DLL
HKLM\Software\Classes\CLSID\{C6767601-7690-45E0-B8D3-10AE196F39F3}
HKCR\CLSID\{C6767601-7690-45E0-B8D3-10AE196F39F3}
HKCR\CLSID\{C6767601-7690-45E0-B8D3-10AE196F39F3}\InprocServer32
HKCR\CLSID\{C6767601-7690-45E0-B8D3-10AE196F39F3}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6767601-7690-45E0-B8D3-10AE196F39F3}

Adware.Tracking Cookie

Adware.AdSponsor/ISM
HKU\S-1-5-21-1844237615-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run#QdrPack11 [ "C:\Program Files\QdrPack\QdrPack11.exe" ]
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QDRPACK\QDRPACK11 .EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644\A0120228.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP645\A0121230.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP645\A0121280.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP645\A0121327.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP646\A0121379.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121508.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121556.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121633.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121684.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121734.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121778.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\MICHAEL\FAVORITES\ONLINE SECURITY TEST.URL

Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\WINDOWS\ASEMBL~1\PING .EXE.VIR
C:\qoobox\Quarantine\C\WINDOWS\system32\SSTEM3~1\POOLSV~1.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644\A0120225.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121796.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121797.EXE

Trojan.Downloader-FakeRX
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EGMULHXK.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121854.DLL

Trojan.Unclassified/LPCYWINP
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LPCYWINP.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121853.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WTSCC.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121770.EXE

Rogue.MalwareAlarm-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\XPUPDATE .EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\XPUPDATE.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP647\A0121510.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121805.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657\A0122329.EXE
D:\ZIPAPP\_C3RYDWNRBXLFBWE1X21IMQ_A2V5AW4_A2V5AW4_.EXE

Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121859.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649\A0121860.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\STSTV.INI

-------------------------------------------------------------------------------------------------------

ComboFix 07-12-21.4 - Michael 2007-12-24 13:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2582 [GMT -7:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\info.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\system32\RCX43.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX46.tmp
C:\WINDOWS\system32\RCX51.tmp
C:\WINDOWS\system32\RCX58.tmp
C:\WINDOWS\system32\RCX62.tmp
C:\WINDOWS\system32\RCX72.tmp
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.exe
C:\WINDOWS\xpupdate .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\info.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\system32\RCX43.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX46.tmp
C:\WINDOWS\system32\RCX51.tmp
C:\WINDOWS\system32\RCX58.tmp
C:\WINDOWS\system32\RCX62.tmp
C:\WINDOWS\system32\RCX72.tmp
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.exe
C:\WINDOWS\xpupdate .exe

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 13:28 . 2007-12-24 13:28 340,480 --------- C:\WINDOWS\system32\vtsts.dll
2007-12-23 20:47 . 2007-12-23 20:47 344,064 --a------ C:\WINDOWS\system32\RCX3C.tmp
2007-12-23 20:40 . 2007-12-23 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-12-23 20:15 . 2007-12-23 20:15 344,064 --a------ C:\WINDOWS\system32\RCX3B.tmp
2007-12-22 19:30 . 2007-12-22 19:30 1,283,174 --a------ C:\Install
2007-12-22 19:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 19:28 . 2007-12-22 19:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-22 15:58 . 2007-12-23 20:47 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 14:58 . 2007-12-22 14:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-22 14:51 . 2007-12-24 13:28 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-11 12:46 . 2007-12-11 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 12:46 . 2007-12-11 12:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 12:46 . 2007-12-11 12:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 12:45 . 2007-12-11 12:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 12:45 . 2007-12-11 12:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 12:43 . 2007-12-11 12:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-05 19:36 . 2004-03-08 21:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.ocx
2007-11-28 13:32 . 2007-11-28 13:32 <DIR> d-------- C:\Program Files\Macrovision Corporation
2007-11-28 13:32 . 2007-11-28 13:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 20:29 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-24 20:29 --------- d-----w C:\Program Files\QuickTime
2007-12-24 20:29 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-24 20:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-24 08:27 --------- d-----w C:\Documents and Settings\Michael\Application Data\ZipGenius
2007-12-23 02:29 --------- d-----w C:\Program Files\Java
2007-12-20 21:46 --------- d-----w C:\Documents and Settings\Michael\Application Data\Azureus
2007-12-20 20:55 --------- d-----w C:\Program Files\DivX
2007-12-11 02:11 --------- d-----w C:\Program Files\Azureus
2007-12-06 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 02:29 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-11-12 02:28 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-07 08:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-02 03:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\ATI
2006-12-06 03:41 262,144 ----a-w C:\Documents and Settings\All Users\ntusera.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_19.48.02.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-24 02:46:08 122,940 ----a-w C:\WINDOWS\system32\dla\DLACTRLW .EXE
+ 2007-12-24 20:28:53 122,940 ----a-w C:\WINDOWS\system32\dla\DLACTRLW .EXE
- 2007-12-24 02:36:06 493,568 ----a-w C:\WINDOWS\system32\dla\DLACTRLW.EXE
+ 2007-12-24 20:29:19 493,568 ----a-w C:\WINDOWS\system32\dla\DLACTRLW.EXE
- 2007-12-24 02:46:26 566,784 ----a-w C:\WINDOWS\system32\LVCOMSX.EXE
+ 2007-12-24 20:29:20 566,784 ----a-w C:\WINDOWS\system32\LVCOMSX.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6767601-7690-45E0-B8D3-10AE196F39F3}]
2007-12-24 13:28 340480 --------- C:\WINDOWS\system32\vtsts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
2007-11-08 01:51 406840 --a------ C:\Program Files\SmartFTP Client 2.0\sfShellTools.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-24 13:21]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather .exe" [2007-12-24 13:29]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2007-12-24 13:21]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2007-12-24 13:21]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-24 13:21]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-24 13:29]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-24 13:29]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2007-12-24 13:29]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2007-12-24 13:29]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2007-12-24 13:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-24 13:29]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2007-12-24 13:29]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2007-12-24 13:29]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-24 13:29]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2007-12-24 13:29]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-12-24 13:29]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-12-24 13:29]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2007-12-24 13:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-07 13:51:07]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtsts.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsts

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe


.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 13:29:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ststv.ini 367 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtsts.dll
.
Completion time: 2007-12-24 13:31:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 19:48

Edited by Gold Dragon, 25 December 2007 - 08:36 PM.


#7 Buckeye_Sam

Malware Expert

Posted 26 December 2007 - 08:55 AM

You've got a new infection that basically infects the programs that run on startup. In your case, nearly all of them are infected. This is a new variant, so we will try to disinfect those programs, but you will likely have to reinstall them at some point.

You may want to print out these instructions because much of this will need to be done in safe mode and you won't be able to access this page.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Don't run it yet.


=============


Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.

=============



Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.



F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsts.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather .exe 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1



=================


Now let's run DrWeb.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web Cureit.

===============


Reboot back into normal mode.
Please post the contents of the log from DrWeb and a new combofix log in your next reply.

Edited by Buckeye_Sam, 26 December 2007 - 08:56 AM.



========================================================

#8 Gold Dragon


Posted 26 December 2007 - 07:55 PM

Side note:

HijackThis didn't find some of the things that you listed to be checked.
Dr.Web didn't perform any action on three files that I noticed.


ComboFix 07-12-21.4 - Michael 2007-12-26 17:31:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2635 [GMT -7:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\vtsts.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-26 17:37 . 2007-12-26 17:37 340,480 --------- C:\WINDOWS\system32\vtsts.dll
2007-12-26 17:29 . 2007-12-26 17:37 344,064 --a------ C:\WINDOWS\system32\vtsts.exe
2007-12-26 14:34 . 2007-12-26 14:34 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-12-24 13:36 . 2007-12-24 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-24 13:35 . 2007-12-26 16:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-24 13:35 . 2007-12-24 13:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 13:35 . 2007-12-24 13:35 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2007-12-23 20:40 . 2007-12-23 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-12-22 19:30 . 2007-12-22 19:30 1,283,174 --a------ C:\Install
2007-12-22 19:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 19:28 . 2007-12-22 19:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-22 15:58 . 2007-12-26 14:18 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 14:58 . 2007-12-22 14:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-22 14:51 . 2007-12-26 14:33 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-11 12:46 . 2007-12-11 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 12:46 . 2007-12-11 12:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 12:46 . 2007-12-11 12:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 12:45 . 2007-12-11 12:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 12:45 . 2007-12-11 12:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 12:43 . 2007-12-11 12:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-05 19:36 . 2004-03-08 21:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.ocx
2007-11-28 13:32 . 2007-11-28 13:32 <DIR> d-------- C:\Program Files\Macrovision Corporation
2007-11-28 13:32 . 2007-11-28 13:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 00:36 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-26 23:06 --------- d-----w C:\Program Files\QuickTime
2007-12-26 22:37 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-26 22:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-26 02:19 --------- d-----w C:\Documents and Settings\Michael\Application Data\ZipGenius
2007-12-23 02:29 --------- d-----w C:\Program Files\Java
2007-12-20 21:46 --------- d-----w C:\Documents and Settings\Michael\Application Data\Azureus
2007-12-20 20:55 --------- d-----w C:\Program Files\DivX
2007-12-11 02:11 --------- d-----w C:\Program Files\Azureus
2007-12-06 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 02:29 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-11-12 02:28 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-07 08:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-02 03:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\ATI
2006-12-06 03:41 262,144 ----a-w C:\Documents and Settings\All Users\ntusera.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_19.48.02.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 20:35:50 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-24 20:35:50 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-24 20:35:50 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-12-24 02:46:08 122,940 ----a-w C:\WINDOWS\system32\dla\DLACTRLW .EXE
+ 2007-12-26 21:06:35 122,940 ----a-w C:\WINDOWS\system32\dla\DLACTRLW .EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09B8E331-90FE-49E1-934F-27B5DBBAAA3A}]
2007-12-26 17:37 340480 --------- C:\WINDOWS\system32\vtsts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
2007-11-08 01:51 406840 --a------ C:\Program Files\SmartFTP Client 2.0\sfShellTools.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather .exe" [2007-12-26 17:37]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-07 13:51:07]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtsts.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsts

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe


.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 17:38:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ststv.ini 367 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtsts.dll
.
Completion time: 2007-12-26 17:40:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 13:31
C:\ComboFix3.txt ... 2007-12-23 19:48
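
A triage pass over the ComboFix log in the post above, as an added example (not part of the thread and not ComboFix's own code): it lists paths that appear under Other Deletions yet are still listed as created, hidden or loaded in the same log, and file names that carry a space before the extension. The function names and the trimmed sample are this example's own, and the parser only covers the line shapes visible in this thread.

```python
import re

# Trimmed excerpt of the ComboFix log posted above (2007-12-26 run).
# Section banners are shortened; the paths are copied from that log.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\vtsts.dll
((((( Files Created from 2007-11-27 to 2007-12-27 )))))
2007-12-26 17:37 . 2007-12-26 17:37 340,480 --------- C:\WINDOWS\system32\vtsts.dll
2007-12-26 17:29 . 2007-12-26 17:37 344,064 --a------ C:\WINDOWS\system32\vtsts.exe
2007-12-22 15:58 . 2007-12-26 14:18 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 14:51 . 2007-12-26 14:33 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-11 12:46 . 2007-12-11 12:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather .exe" [2007-12-26 17:37]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtsts.exe
scanning hidden files ...
C:\WINDOWS\system32\ststv.ini 367 bytes
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtsts.dll
"""

# Banner keyword -> section name (the section names are this example's own).
SECTIONS = (
    ("Other Deletions", "deleted"),
    ("Files Created", "created"),
    ("Reg Loading Points", "autostart"),
    ("scanning hidden files", "hidden"),
    ("DLLs Loaded", "loaded"),
)

# One path extractor per section, matching the line shapes seen in the log.
EXTRACT = {
    "deleted": re.compile(r'^([A-Za-z]:\\.+)$'),
    "created": re.compile(
        r'^[\d-]+ [\d:]+ \. [\d-]+ [\d:]+\s+\S+\s+\S+\s+([A-Za-z]:\\.+)$'),
    # Only name=path values; .lnk and REG_MULTI_SZ lines are skipped.
    "autostart": re.compile(r'=\s*"?([A-Za-z]:\\[^"]*?)"?\s*(?:\[.*\])?$'),
    "hidden": re.compile(r'^([A-Za-z]:\\.+?) \d+ bytes$'),
    "loaded": re.compile(r'^-> ([A-Za-z]:\\.+)$'),
}

# Whitespace directly before the final extension, e.g. "ctfmon .exe".
PADDED = re.compile(r'^(.*\S)\s+(\.[A-Za-z0-9]{1,4})$')


def parse_combofix(log):
    """Return {section: [paths]} for the five sections named above."""
    parsed = {name: [] for _, name in SECTIONS}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        banner = next((n for kw, n in SECTIONS if kw in line), None)
        if banner:
            current = banner
            continue
        if current:
            match = EXTRACT[current].search(line)
            if match:
                parsed[current].append(match.group(1))
    return parsed


def still_present(parsed):
    """Deleted paths that the same log lists again, and in which sections."""
    result = {}
    for path in parsed["deleted"]:
        where = [s for s in ("created", "autostart", "hidden", "loaded")
                 if path.lower() in {p.lower() for p in parsed[s]}]
        if where:
            result[path] = where
    return result


def padded_names(parsed):
    """Space-before-extension paths -> True if the unpadded twin is logged."""
    seen = {p.lower() for paths in parsed.values() for p in paths}
    flagged = {}
    for paths in parsed.values():
        for path in paths:
            m = PADDED.match(path)
            if m:
                flagged[path] = (m.group(1) + m.group(2)).lower() in seen
    return flagged


if __name__ == "__main__":
    log = parse_combofix(SAMPLE_LOG)
    for path, where in still_present(log).items():
        print("deleted but still listed:", path, where)
    for path, twin in padded_names(log).items():
        print("padded name:", repr(path), "twin in log:", twin)
```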

#9 Gold Dragon


Posted 27 December 2007 - 01:24 AM

It wouldn't let me upload the drweb.csv file.....

It's now in Zip. I can't get to it any other way (as MsOffice seems to have gotten damaged...)


#10 Buckeye_Sam

Malware Expert

Posted 27 December 2007 - 05:07 PM

minibugtransporter.dll;c:\windows\downloaded program files;Adware.Minibug;;
ctfmon.exe;c:\windows\system32;Trojan.MulDrop.9328;Deleted.;
lvcomsx.exe;c:\windows\system32;Trojan.MulDrop.9328;Deleted.;
RCX10.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
RCX1B.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
RCX1E.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
RCX21.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
RCX24.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
RCX7.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
RCXD.tmp;C:\Documents and Settings\Michael\Local Settings\Temp;Trojan.MulDrop.9328;Deleted.;
AdobeUpdateManager.exe;C:\Program Files\Adobe\Acrobat 7.0\Reader;Trojan.MulDrop.9328;Deleted.;
CLIStart.exe;C:\Program Files\ATI Technologies\ATI.ACE;Trojan.MulDrop.9328;Deleted.;
Weather .exe;C:\Program Files\AWS\WeatherBug;Trojan.MulDrop.9328;Deleted.;
Weather.exe;C:\Program Files\AWS\WeatherBug;Trojan.MulDrop.9328;Deleted.;
MidasAstralShrineTop01.nif;C:\Program Files\Bethesda Softworks\Oblivion\Data\Meshes\architecture\MidasAstralPlane;Modification of Win32.Kriz.3689;Moved.;
ccApp.exe;C:\Program Files\Common Files\Symantec Shared;Trojan.MulDrop.9328;Deleted.;
CTDetect.exe;C:\Program Files\Creative\MediaSource\Detector;Trojan.MulDrop.9328;Deleted.;
DVDLauncher.exe;C:\Program Files\CyberLink\PowerDVD;Trojan.MulDrop.9328;Deleted.;
daemon.exe;C:\Program Files\DAEMON Tools;Trojan.MulDrop.9328;Deleted.;
ADUserMon.exe;C:\Program Files\Iomega\AutoDisk;Trojan.MulDrop.9328;Deleted.;
deskup.exe;C:\Program Files\Iomega\DriveIcons;Trojan.MulDrop.9328;Deleted.;
ImgIcon.exe;C:\Program Files\Iomega\DriveIcons;Trojan.MulDrop.9328;Deleted.;
jusched.exe;C:\Program Files\Java\jre1.6.0_03\bin;Trojan.MulDrop.9328;Deleted.;
ISStart.exe;C:\Program Files\Logitech\Video;Trojan.MulDrop.9328;Deleted.;
LogiTray.exe;C:\Program Files\Logitech\Video;Trojan.MulDrop.9328;Deleted.;
ManifestEngine.exe;C:\Program Files\Logitech\Video;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
qttask.exe;C:\Program Files\QuickTime;Trojan.MulDrop.9328;Deleted.;
SUPERAntiSpyware.exe;C:\Program Files\SUPERAntiSpyware;Trojan.MulDrop.9328;Deleted.;
VPTray.exe;C:\Program Files\Symantec AntiVirus;Trojan.MulDrop.9328;Deleted.;
DesktopWeather.exe;C:\Program Files\The Weather Channel FW\Desktop Weather;Trojan.MulDrop.9328;Deleted.;
WiseInstallUtility.dll;C:\Program Files\The Weather Channel FW\Framework;Adware.Look2me.origin;;
info.exe.vir;C:\qoobox\Quarantine\C;Trojan.DownLoader.37981;Deleted.;
QdrDrive9.dll.vir;C:\qoobox\Quarantine\C\Program Files\QdrDrive;Adware.SearchAid.origin;;
QdrModule11.exe.vir;C:\qoobox\Quarantine\C\Program Files\QdrModule;Trojan.MulDrop.9328;Deleted.;
QdrPack11.exe.vir;C:\qoobox\Quarantine\C\Program Files\QdrPack;Trojan.MulDrop.9328;Deleted.;
mrofinu72.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.MulDrop.9328;Deleted.;
ping.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\ASEMBL~1;Trojan.MulDrop.9328;Deleted.;
RCX43.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX44.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX46.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX51.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX58.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX62.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX72.tmp.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
vtsts.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
A0119863.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP641;Trojan.DownLoader.38055;Deleted.;
A0120087.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120089.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120090.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120091.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120092.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120093.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120094.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120095.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120096.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120097.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120098.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120099.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120100.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120101.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120103.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120104.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120105.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120106.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120107.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120108.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120109.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120110.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120111.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120112.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120117.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120119.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120120.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120121.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120122.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120123.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120124.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0120125.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP644;Trojan.MulDrop.9328;Deleted.;
A0121751.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121752.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121753.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121754.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121755.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121756.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121758.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121759.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121760.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121761.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121762.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121763.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121764.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121767.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP648;Trojan.MulDrop.9328;Deleted.;
A0121769.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121775.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121776.dll;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Adware.SearchAid.origin;;
A0121779.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121798.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121874.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121882.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121887.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121888.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121889.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121890.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121891.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121892.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121893.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121894.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121895.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121896.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121897.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121898.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121899.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121900.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121901.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121902.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121903.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP649;Trojan.MulDrop.9328;Deleted.;
A0121943.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121945.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121946.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121947.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121948.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121949.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121950.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121951.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121952.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121953.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121954.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121955.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121956.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121957.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121958.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121959.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121960.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121961.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP650;Trojan.MulDrop.9328;Deleted.;
A0121983.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121984.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121985.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121986.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121987.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121988.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121989.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121990.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121991.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121992.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121993.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121994.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121995.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121996.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121997.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121998.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0121999.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0122000.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0122001.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP651;Trojan.MulDrop.9328;Deleted.;
A0122007.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122008.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122009.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122010.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122011.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122012.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122013.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122014.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122015.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122016.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122017.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122018.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122019.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122020.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122021.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122022.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122023.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122024.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122025.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP654;Trojan.MulDrop.9328;Deleted.;
A0122029.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122035.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122038.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122039.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122040.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122045.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122047.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122048.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122049.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122050.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122051.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122052.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122053.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122054.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122055.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122056.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122057.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122058.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122059.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122078.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122079.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122080.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122081.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122082.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122084.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122085.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122086.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122087.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122088.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122089.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122090.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122091.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122169.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122171.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122173.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122174.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122175.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122176.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122177.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122178.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122179.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122180.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122181.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122183.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122184.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122185.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122186.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122187.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122188.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122189.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122192.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122214.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122230.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122231.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122232.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122233.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122234.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122235.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122236.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122237.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122238.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122239.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122240.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122241.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122242.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122243.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122244.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122245.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122246.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122247.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122248.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP655;Trojan.MulDrop.9328;Deleted.;
A0122303.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122305.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122306.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122307.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122308.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122309.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122310.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122311.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122312.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122314.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122315.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122316.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122317.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122318.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122319.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122320.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122323.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP656;Trojan.MulDrop.9328;Deleted.;
A0122325.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.DownLoader.37981;Deleted.;
A0122328.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122358.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122360.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122363.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122364.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122365.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122366.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122367.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122368.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122369.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122370.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122371.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122372.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122376.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122377.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122378.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122379.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122380.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP657;Trojan.MulDrop.9328;Deleted.;
A0122413.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Adware.SaveNow;;
A0122438.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122439.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122440.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122441.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122444.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122445.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122446.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122447.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122448.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122449.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122452.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122453.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122454.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122455.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122456.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122457.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.MulDrop.9328;Deleted.;
A0122465.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122466.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122467.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122468.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122469.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122472.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122473.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122474.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122475.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122476.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122479.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122480.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122481.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122482.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122483.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122484.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122485.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122486.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122487.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122515.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122517.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122518.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122519.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122520.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122521.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122522.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122523.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122524.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122525.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122527.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122528.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122529.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122530.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122531.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122532.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122533.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122534.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122548.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122562.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122563.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122564.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122565.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122566.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122568.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122569.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122570.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122571.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122572.EXE;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122573.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122574.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122575.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122582.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122583.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122584.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122585.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122586.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122587.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122588.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122589.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122590.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122591.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122592.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122593.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122594.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122595.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122596.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122597.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122598.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122599.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122600.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
A0122601.exe;C:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP660;Trojan.MulDrop.9328;Deleted.;
MiniBugTransporter.dll;C:\WINDOWS\Downloaded Program Files;Adware.Minibug;;
0.4370081.exe;C:\WINDOWS\system32;Trojan.MulDrop.9974;Deleted.;
ctfmon.exe.tmp;C:\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX3B.tmp;C:\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX3C.tmp;C:\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
RCX40.tmp;C:\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
vtsts.exe;C:\WINDOWS\system32;Trojan.MulDrop.9328;Deleted.;
DLACTRLW.EXE;C:\WINDOWS\system32\dla;Trojan.MulDrop.9328;Deleted.;
MiniBug.exe;D:\Documents and Settings\Michael\Local Settings\Temp;Adware.Minibug.origin;;
A0122414.exe;D:\System Volume Information\_restore{C91FBBA1-94FF-441A-9E7D-68F9E80AF8D7}\RP659;Trojan.Fakealert.origin;Incurable.Moved.;
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Buckeye_Sam


Posted 27 December 2007 - 05:10 PM

Please download this tool and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Double click to run it and post the resulting log in your next reply.


========================================================

#12 Gold Dragon


Posted 28 December 2007 - 03:52 PM

Ran on Fri 12/28/2007 - 13:49:47.85



----a-w		   313,472 2007-12-26 21:06:52  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe

----a-w			90,112 2007-12-26 21:06:32  C:\Program Files\ATI Technologies\ATI.ACE\CLIStart .exe

----a-w		   778,240 2007-12-28 20:47:40  C:\Program Files\AWS\WeatherBug\Weather  .exe

----a-w		 1,152,512 2007-12-27 00:29:05  C:\Program Files\AWS\WeatherBug\Weather .exe

----a-w			67,184 2007-12-26 21:06:29  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

----a-w		   102,400 2007-12-26 21:06:43  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe

----a-w			53,248 2007-12-26 21:06:34  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe

----a-w		   157,592 2007-12-26 21:06:30  C:\Program Files\DAEMON Tools\daemon .exe

----a-w		   147,456 2007-12-26 21:06:28  C:\Program Files\Iomega\AutoDisk\ADUserMon .exe

----a-w			32,768 2007-12-26 21:06:27  C:\Program Files\Iomega\DriveIcons\deskup .exe

----a-w			86,016 2007-12-26 21:06:28  C:\Program Files\Iomega\DriveIcons\ImgIcon .exe

----a-w		   217,088 2007-12-26 21:06:37  C:\Program Files\Logitech\Video\LogiTray .exe

----a-w		   196,608 2007-12-26 21:06:46  C:\Program Files\Logitech\Video\ManifestEngine .exe

----a-w		 1,318,912 2007-12-26 21:06:56  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe

----a-w		   120,640 2007-12-26 21:06:29  C:\Program Files\Symantec AntiVirus\VPTray .exe

----a-w		   728,176 2007-12-26 21:06:39  C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe

----a-w			15,360 2007-12-26 21:18:00  C:\WINDOWS\system32\ctfmon .exe

----a-w		   221,184 2007-12-26 21:33:08  C:\WINDOWS\system32\LVCOMSX .EXE

----a-w		   122,940 2007-12-26 21:06:35  C:\WINDOWS\system32\dla\DLACTRLW .EXE



 Entries:			   19  (19)

 Directories:			0  Files:			19

 Bytes:		  5,921,908  Blocks:	   11,570


#13 Buckeye_Sam


Posted 29 December 2007 - 12:13 AM

Posted Image

Referring to the picture above, drag Log.txt into RenV.exe
When finished, it shall produce a new log for you. Post that log in your next reply.

Immediately run Combofix.exe and post that log also.


========================================================

#14 Gold Dragon


Posted 29 December 2007 - 04:58 AM

ComboFix 07-12-21.4 - Michael 2007-12-29 2:42:07.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2641 [GMT -7:00]
Running from: D:\Zipapp\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\vtsts.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-29 02:48 . 2007-12-29 02:48 340,480 --------- C:\WINDOWS\system32\vtsts.dll
2007-12-29 02:36 . 2007-12-29 02:36 98,816 --a------ C:\Documents and Settings\Michael\sed.exe
2007-12-29 02:36 . 2007-12-29 02:36 27,136 --a------ C:\Documents and Settings\Michael\nircmd.exe
2007-12-29 02:20 . 2007-12-29 02:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 02:10 . 2007-12-29 02:48 344,064 --a------ C:\WINDOWS\system32\vtsts.exe
2007-12-29 02:02 . 2007-12-26 14:33 221,184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
2007-12-29 02:02 . 2007-12-26 14:18 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-29 02:02 . 2007-12-26 14:18 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-28 20:36 . 2007-12-29 02:48 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-12-28 20:07 . 2007-12-28 20:07 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-27 02:14 . 2007-12-27 02:14 344,064 --a------ C:\WINDOWS\system32\RCX5.tmp
2007-12-26 23:21 . 2007-12-26 23:21 <DIR> d-------- C:\Documents and Settings\Michael\DoctorWeb
2007-12-26 14:34 . 2007-12-26 14:34 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-12-24 13:36 . 2007-12-24 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-24 13:35 . 2007-12-29 02:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-24 13:35 . 2007-12-24 13:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 13:35 . 2007-12-24 13:35 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2007-12-23 20:40 . 2007-12-23 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-12-22 19:30 . 2007-12-22 19:30 1,283,174 --a------ C:\Install
2007-12-22 19:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 19:28 . 2007-12-22 19:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-22 14:58 . 2007-12-22 14:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-11 12:46 . 2007-12-11 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 12:46 . 2007-12-11 12:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 12:46 . 2007-12-11 12:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 12:45 . 2007-12-11 12:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 12:45 . 2007-12-11 12:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 12:43 . 2007-12-11 12:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-05 19:36 . 2004-03-08 21:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 09:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 09:29 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-29 09:09 --------- d-----w C:\Documents and Settings\Michael\Application Data\ZipGenius
2007-12-29 03:20 --------- d-----w C:\Program Files\Clean Disk Security
2007-12-26 23:06 --------- d-----w C:\Program Files\QuickTime
2007-12-23 02:29 --------- d-----w C:\Program Files\Java
2007-12-20 21:46 --------- d-----w C:\Documents and Settings\Michael\Application Data\Azureus
2007-12-20 20:55 --------- d-----w C:\Program Files\DivX
2007-12-11 02:11 --------- d-----w C:\Program Files\Azureus
2007-12-06 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 20:32 --------- d-----w C:\Program Files\Macrovision Corporation
2007-11-28 20:32 --------- d-----w C:\Documents and Settings\Michael\Application Data\InstallShield
2007-11-12 02:29 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-11-12 02:28 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-07 08:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-02 03:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\ATI
2006-12-06 03:41 262,144 ----a-w C:\Documents and Settings\All Users\ntusera.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_19.48.02.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-14 22:40:54 40,960 ----a-r C:\WINDOWS\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2007-12-29 03:37:15 40,960 ----a-r C:\WINDOWS\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2006-05-14 22:40:54 40,960 ----a-r C:\WINDOWS\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\NewShortcut4.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2007-12-29 03:37:15 40,960 ----a-r C:\WINDOWS\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\NewShortcut4.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2006-05-14 22:40:54 40,960 ----a-r C:\WINDOWS\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\NewShortcut5.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2007-12-29 03:37:15 40,960 ----a-r C:\WINDOWS\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\NewShortcut5.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2007-12-24 20:35:50 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-24 20:35:50 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-24 20:35:50 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-12-24 02:36:06 493,568 ----a-w C:\WINDOWS\system32\dla\DLACTRLW.EXE
+ 2007-12-26 21:06:35 122,940 ----a-w C:\WINDOWS\system32\dla\DLACTRLW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6A1041A-E823-44B4-8680-6CFC6DB00B4A}]
2007-12-29 02:48 340480 --------- C:\WINDOWS\system32\vtsts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
2007-11-08 01:51 406840 --a------ C:\Program Files\SmartFTP Client 2.0\sfShellTools.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-26 14:18]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-29 02:42]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2007-12-29 02:42]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2007-12-29 02:48]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-29 02:42]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-12-29 02:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-29 02:48]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-29 02:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-07 13:51:07]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtsts.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsts

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe


.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 02:49:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ststv.ini 367 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtsts.dll
.
Completion time: 2007-12-29 2:50:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-29 02:18
C:\ComboFix3.txt ... 2007-12-26 17:40
------------------------------------------------------------------------------------------------------------------------------------
RenV:
Ran on Sat 12/29/2007 -  2:31:05.28

 Entries:				0  (0)
 Directories:			0  Files:			 0
 Bytes:				  0  Blocks:			0

A little side note with the running of RenV: It started an endless loop. I don't know if it fixed (or even DID) anything....

#15 Buckeye_Sam


Posted 29 December 2007 - 10:44 AM

Yes, it did exactly what it was supposed to do. I'm not sure about the endless loop, but the log looks good.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.


File::
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.exe
C:\WINDOWS\system32\RCX5.tmp
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\Windows\xpupdate.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6A1041A-E823-44B4-8680-6CFC6DB00B4A}]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


===============


After you post those logs here, please run this online virus scan. It will find any leftover files that we missed.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



========================================================
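The `"Authentication Packages"` line in the CFScript above is a REG_MULTI_SZ value written as hex bytes. As an added example (not part of the original thread and not ComboFix code), this Python decodes that value and compares it with the value ComboFix logged in post #14, showing which entry the script drops. The function names are hypothetical, and the log parser assumes logged entries contain no spaces, as in this log.

```python
import re

# Constructed from two lines on this page: the LSA value ComboFix logged in
# post #14 and the value the CFScript in post #15 writes back.
LOGGED_LINE = r"Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsts"
SCRIPT_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'


def decode_hex7(reg_line: str, regedit4: bool = True) -> list[str]:
    """Decode a .reg hex(7) (REG_MULTI_SZ) value into its list of strings.

    REGEDIT4 files store one byte per character (ANSI); files headed
    "Windows Registry Editor Version 5.00" store UTF-16LE. In both, each
    string ends with a NUL and the list ends with one extra NUL.
    """
    match = re.search(r"hex\(7\):([0-9a-fA-F,\s\\]*)", reg_line)
    if not match:
        raise ValueError("not a hex(7) value")
    # .reg continuation lines end with a backslash; drop those and whitespace.
    digits = re.sub(r"[\s\\]", "", match.group(1))
    raw = bytes(int(b, 16) for b in digits.split(",") if b)
    text = raw.decode("cp1252" if regedit4 else "utf-16-le")
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings: list[str], regedit4: bool = True) -> str:
    """Inverse of decode_hex7: build the hex(7) text for a list of strings."""
    codec = "cp1252" if regedit4 else "utf-16-le"
    nul = "\x00".encode(codec)
    raw = b"".join(s.encode(codec) + nul for s in strings) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_logged_multi_sz(log_line: str) -> list[str]:
    """Split ComboFix's one-line rendering of a REG_MULTI_SZ value.

    Assumption: entries contain no spaces, which holds for the line above.
    """
    _, _, data = log_line.partition("REG_MULTI_SZ")
    return data.split()


def entries_removed(log_line: str, reg_line: str) -> list[str]:
    """Logged entries that are absent from the value the script writes."""
    keep = {s.lower() for s in decode_hex7(reg_line)}
    return [s for s in parse_logged_multi_sz(log_line) if s.lower() not in keep]


if __name__ == "__main__":
    print("script writes :", decode_hex7(SCRIPT_LINE))
    print("entry dropped :", entries_removed(LOGGED_LINE, SCRIPT_LINE))
```

Running the same comparison against a fresh export of the `lsa` key after cleanup confirms whether any entry other than the one the script writes is still registered.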



