Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help - Vitumonde; Abetterinternet; Command...


  • This topic is locked This topic is locked
18 replies to this topic

#1 cluner

cluner

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 04 April 2008 - 10:39 PM

Ran CC Cleanser, ADAware and SPTBOT. Still had Virtumonde. ABetterInternebt, Command Service, Mediamotor and Mirar.
Also ran Trend Officescan Client and noticed thousands of ZIP files at C:\\WINDOWS\Fonts\ _ \XXX.ZIP The XXX is the different names. Most names are related to music.

Thanking you in advance.

This is the DSS Main Text:

Deckard's System Scanner v20071014.68
Run by Robert on 2008-04-04 21:55:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
41: 2008-04-05 02:55:17 UTC - RP1191 - Deckard's System Scanner Restore Point
40: 2008-04-04 23:38:40 UTC - RP1190 - Spybot-S&D Spyware removal
39: 2008-04-04 21:43:16 UTC - RP1189 - System Checkpoint
38: 2008-04-02 12:06:22 UTC - RP1188 - Spybot-S&D Spyware removal
37: 2008-04-01 23:21:02 UTC - RP1187 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2008-02-04 22:51:23 UTC - RP1151 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).
System Drive C: has 1.4 GiB (less than 15%) free.


-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:02 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Um9iZXJ0IENsdW5l\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\TEMP\FV48E6.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Robert\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {55cc33c4-87b1-4c9a-2654-7871c6caa020} - {020aac6c-1787-4562-a9c4-1b784c33cc55} - C:\WINDOWS\system32\bawavukn.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_2_3_0.dll (file missing)
O2 - BHO: (no name) - {0CA4737B-AC52-4879-A945-5B036F3B6D55} - C:\Program Files\MSN Gaming Zone\dimavegis89104.dll (file missing)
O2 - BHO: 0 - {0FC7D037-DB9E-418E-3EA4-C2FF5AF43BC4} - C:\Program Files\ComPlus Applications\lacusylag801.dll
O2 - BHO: (no name) - {3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA} - C:\WINDOWS\system32\jkkkhfe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57448B20-797C-41D1-AEBE-A07199875E44} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {db9dd999-2a46-4ccb-9056-d11f6dbed6f4} - C:\WINDOWS\system32\clbshrb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_2_3_0.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_2_3_0.cab
O20 - Winlogon Notify: jkkkhfe - jkkkhfe.dll (file missing)
O20 - Winlogon Notify: ltorbyxa - ltorbyxa.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iZXJ0IENsdW5l\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 9554 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S3 basic2 - c:\windows\system32\drivers\basic2.sys (file missing)
S3 Rksample - c:\windows\system32\drivers\rksample.sys (file missing)
S3 SetupSys (Conexant Setup API) - c:\windows\system32\drivers\setupsys.sys <Not Verified; Conexant; Diagnostic Interface>
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 cmdService (Command Service) - c:\windows\um9izxj0iensdw5l\command.exe
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - c:\program files\trend micro\officescan client\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 tmlisten (OfficeScanNT Listener) - c:\program files\trend micro\officescan client\tmlisten.exe <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_3189109F&REV_01\3&61AAA01&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_3189109F&REV_01\3&61AAA01&0&FD
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-01 20:17:08 260 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-02-22 13:52:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 20:59:55 0 dr-h----- C:\Documents and Settings\Robert\Recent
2008-03-29 15:08:45 85568 --a------ C:\WINDOWS\system32\hapebtib.dll
2008-03-16 14:21:19 0 dr-h----- C:\Documents and Settings\John\Recent
2008-03-10 07:01:55 93760 --a------ C:\WINDOWS\system32\bawavukn.dll
2008-03-10 07:01:21 37888 --a------ C:\WINDOWS\system32\opnolih.dll
2008-03-10 07:01:17 243 --a------ C:\870.bat
2008-03-10 07:00:39 89152 --a------ C:\WINDOWS\system32\bdrwsmhr.dll
2008-03-10 06:59:52 77 --a------ C:\Documents and Settings\Robert\4825.bat


-- Find3M Report ---------------------------------------------------------------

2008-04-04 21:57:48 0 d-------- C:\Program Files\Trend Micro
2008-04-01 07:37:55 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-29 15:08:53 274470 --ahs---- C:\WINDOWS\system32\aybeg.ini2
2008-03-29 14:02:47 155648 --a------ C:\WINDOWS\b.exe
2008-03-10 07:11:33 0 d-------- C:\Documents and Settings\Robert\Application Data\Adobe
2008-03-10 07:01:01 143360 -----n--- C:\csrss.exe
2008-03-10 07:00:32 111839 --a------ C:\smss.exe
2008-03-10 07:00:17 9296 --a------ C:\services.exe
2008-03-10 06:59:38 40960 --a------ C:\svchost.exe
2008-03-03 23:14:58 117204 --a------ C:\z.dat
2008-03-03 23:14:57 1184 --a------ C:\x.dat
2008-03-03 23:14:50 134 --a------ C:\n.bat
2008-03-03 23:13:12 300 --a------ C:\4654.bat
2008-03-03 23:12:54 172032 --a------ C:\winlogon.exe
2008-03-03 23:12:51 35328 --a------ C:\WINDOWS\system32\vturpop.dll
2008-03-03 23:06:42 0 -rahs---- C:\MSDOS.SYS
2008-03-03 23:06:42 0 -rahs---- C:\IO.SYS
2008-03-03 18:33:11 135168 --a------ C:\WINDOWS\tk58.exe
2008-03-03 18:32:33 300 --a------ C:\6930.bat
2008-03-03 18:04:36 35328 --a------ C:\WINDOWS\system32\khfddda.dll
2008-03-03 18:03:28 95296 --a------ C:\WINDOWS\system32\micibbah.dll
2008-03-03 18:02:00 91712 --a------ C:\WINDOWS\system32\rgermywf.dll
2008-02-28 21:30:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-28 17:36:00 111839 --a------ C:\c.exe
2008-02-28 17:35:57 34816 --a------ C:\WINDOWS\system32\ssqonon.dll
2008-02-28 17:35:52 52736 -----n--- C:\b.exe
2008-02-28 17:35:40 9296 --a------ C:\a.exe
2008-02-28 17:23:58 52736 --a------ C:\e.exe
2008-02-27 19:58:05 0 d-------- C:\Program Files\Common Files
2008-02-27 19:05:36 85056 --a------ C:\WINDOWS\system32\vqfylrol.dll
2008-02-27 19:00:52 90176 --a------ C:\WINDOWS\system32\vnwyaorv.dll
2008-02-27 18:59:21 91712 --a------ C:\WINDOWS\system32\tmruklen.dll
2008-02-27 18:58:42 34816 --a------ C:\WINDOWS\system32\tuvtqqp.dll
2008-02-26 07:01:26 89152 --a------ C:\WINDOWS\system32\vivdaitv.dll
2008-02-26 06:55:17 91712 --a------ C:\WINDOWS\system32\qpcrrpvx.dll
2008-02-25 21:56:30 0 d-------- C:\Program Files\StorageProtector
2008-02-25 18:04:00 0 d-------- C:\Program Files\Common Files\StorageProtector
2008-02-25 17:14:59 36864 --a------ C:\WINDOWS\system32\khfgdde.dll
2008-02-25 06:58:35 90688 --a------ C:\WINDOWS\system32\jamcrdnt.dll
2008-02-25 06:55:36 163904 --a------ C:\WINDOWS\system32\qfjyfwsa.dll
2008-02-24 18:29:38 36864 --a------ C:\WINDOWS\system32\pmnmkjj.dll
2008-02-24 18:17:21 0 d-------- C:\Program Files\RABCO
2008-02-24 14:11:54 0 d-------- C:\Documents and Settings\Robert\Application Data\Canon
2008-02-24 06:56:53 90176 --a------ C:\WINDOWS\system32\npttakhy.dll
2008-02-23 23:23:53 0 d-------- C:\Program Files\NoDNS
2008-02-23 17:49:19 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-03 13:47:15 37760 --a------ C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{020aac6c-1787-4562-a9c4-1b784c33cc55}]
03/10/2008 07:01 AM 93760 --a------ C:\WINDOWS\system32\bawavukn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CA4737B-AC52-4879-A945-5B036F3B6D55}]
C:\Program Files\MSN Gaming Zone\dimavegis89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FC7D037-DB9E-418E-3EA4-C2FF5AF43BC4}]
03/03/2008 06:34 PM 70144 --a------ C:\Program Files\ComPlus Applications\lacusylag801.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}]
C:\WINDOWS\system32\jkkkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57448B20-797C-41D1-AEBE-A07199875E44}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9dd999-2a46-4ccb-9056-d11f6dbed6f4}]
C:\WINDOWS\system32\clbshrb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [03/26/2002 11:28 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [03/26/2002 11:20 PM]
"SoundMan"="SOUNDMAN.EXE" [06/27/2002 12:00 PM C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/08/2005 11:40 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [08/31/2005 03:21 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 04:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [10/29/2003 12:01 PM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [07/13/2000 03:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}"= C:\WINDOWS\system32\jkkkhfe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfe]
jkkkhfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ltorbyxa]
ltorbyxa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


-- End of Deckard's System Scanner: finished at 2008-04-04 22:16:33 ------------

This is DSS extra text:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.00GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 253.98 MiB / 79.13 MiB
Pagefile Memory (total/avail): 624.96 MiB / 382.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.47 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.22 GiB total, 1.4 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.22 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Rand McNally\\TripMaker Deluxe\\Trpmaker.exe"="C:\\Program Files\\Rand McNally\\TripMaker Deluxe\\Trpmaker.exe:*:Enabled:Trpmaker"
"C:\\Westwood\\RA2\\gamemd.exe"="C:\\Westwood\\RA2\\gamemd.exe:*:Disabled:Main executable for Yuri's Revenge"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robert\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe HE 3.1\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBERT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robert
LOGONSERVER=\\ROBERT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
USERDOMAIN=ROBERT
USERNAME=Robert
USERPROFILE=C:\Documents and Settings\Robert
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Robert (admin)
Andrea (admin)
John (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PhotoDeluxe Home Edition 3.1 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.1\DeIsL2.isu" -c"C:\Program Files\PhotoDeluxe HE 3.1\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~3\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~3\Install.log
Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP450 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant SoftK56 Modem(M) --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200214F1
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Elecard MPEG-2 Decoder&Streaming Plug-in for WMP --> "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\Uninstall.exe" "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\install.log" -u
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\setup.exe" -inteluninstall
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia 2000 --> "C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall
Microsoft Learning and Research Plus Support Files --> MsiExec.exe /I{00000000-3976-4267-9F39-1DC4745090B7}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Internet Software --> C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe
MSN Messenger 5.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B00540}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Quicken Lawyer 2003 Personal --> C:\WINDOWS\unvise32.exe C:\Program Files\Quicken Lawyer 2003 Personal\uninstal.log
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeCast Shared Components --> C:\WINDOWS\CDAC13BA.EXE /uninstall
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Companion --> rundll32.exe C:\WINDOWS\DOWNLO~1\YCOMP5~1.DLL,DllCommand ui

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 05 April 2008 - 06:04 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 06 April 2008 - 07:48 AM

Ran ComboFix. Log follows:


ComboFix 08-04-04.1 - Robert 2008-04-06 7:05:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: Windir.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\{382F5~1
C:\Program Files\Common Files\{382F5~1\MyToolBar.dll
C:\Program Files\Common Files\{D82F5~1
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\ComPlus Applications\lacusylag.dll
C:\Program Files\ComPlus Applications\lacusylag460.dll
C:\Program Files\ComPlus Applications\lacusylag801.dll
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\RABCO
C:\Program Files\RABCO\un_RABCOSetup_16230.exe
C:\Program Files\StorageProtector
C:\Program Files\StorageProtector\swupd.log
C:\smss.exe
C:\svchost.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BMdb1c6059.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\-
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\bawavukn.dll
C:\WINDOWS\system32\bdrwsmhr.dll
C:\WINDOWS\system32\bitbepah.ini
C:\WINDOWS\system32\hapebtib.dll
C:\WINDOWS\system32\khfddda.dll
C:\WINDOWS\system32\khfgdde.dll
C:\WINDOWS\system32\lorlyfqv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\npttakhy.dll
C:\WINDOWS\system32\opnolih.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnmkjj.dll
C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\tuvtqqp.dll
C:\WINDOWS\system32\vnwyaorv.dll
C:\WINDOWS\system32\vqfylrol.dll
C:\WINDOWS\system32\vturpop.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\tk58.exe
C:\WINDOWS\Um9iZXJ0IENsdW5l\
C:\WINDOWS\Um9iZXJ0IENsdW5l\\asappsrv.dll
C:\WINDOWS\Um9iZXJ0IENsdW5l\\command.exe
C:\WINDOWS\Um9iZXJ0IENsdW5l\\oA62trLXKHhPxqc5.vbs
C:\WINDOWS\Um9iZXJ0IENsdW5l\command.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-04 21:54 . 2008-04-04 21:54 <DIR> d-------- C:\Deckard
2008-04-04 20:58 . 2008-04-06 06:52 0 --a------ C:\WINDOWS\system32\atmtd.dll.tmp
2008-03-29 14:38 . 2008-03-29 14:38 386 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-10 07:04 . 2008-03-29 14:38 1,318,343 ---hs---- C:\WINDOWS\system32\nhnnyyca.ini
2008-03-10 07:01 . 2008-03-10 07:01 243 --a------ C:\870.bat
2008-03-10 06:59 . 2008-03-10 06:59 77 --a------ C:\Documents and Settings\Robert\4825.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 02:57 --------- d-----w C:\Program Files\Trend Micro
2008-04-05 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 19:02 155,648 ----a-w C:\WINDOWS\b.exe
2008-03-10 12:01 143,360 ------w C:\csrss.exe
2008-03-10 12:00 9,296 ----a-w C:\services.exe
2008-03-10 11:59 40,960 ----a-w C:\Documents and Settings\Robert\services.exe
2008-03-04 04:14 134 ----a-w C:\n.bat
2008-03-04 04:13 40,960 ----a-w C:\Documents and Settings\Robert\f.exe
2008-03-04 04:13 300 ----a-w C:\4654.bat
2008-03-04 04:10 77 ----a-w C:\Documents and Settings\Robert\4708.bat
2008-03-03 23:35 --------- d-----w C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-03 23:32 77 ----a-w C:\Documents and Settings\Andrea\8387.bat
2008-03-03 23:32 36,864 ----a-w C:\Documents and Settings\Andrea\services.exe
2008-03-03 23:32 300 ----a-w C:\6930.bat
2008-02-29 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 22:36 115,988 ----a-w C:\y.zip
2008-02-28 22:36 111,839 ----a-w C:\c.exe
2008-02-28 22:35 9,296 ----a-w C:\a.exe
2008-02-28 22:35 77 ----a-w C:\Documents and Settings\John\2572.bat
2008-02-28 22:35 52,736 ------w C:\b.exe
2008-02-28 22:34 36,864 ----a-w C:\Documents and Settings\John\services.exe
2008-02-28 22:23 77 ----a-w C:\Documents and Settings\John\6097.bat
2008-02-28 22:23 52,736 ----a-w C:\e.exe
2008-02-28 22:11 77 ----a-w C:\Documents and Settings\John\7966.bat
2008-02-28 21:57 77 ----a-w C:\Documents and Settings\John\6813.bat
2008-02-28 19:51 77 ----a-w C:\Documents and Settings\Andrea\3745.bat
2008-02-26 02:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 23:04 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-24 19:11 --------- d-----w C:\Documents and Settings\Robert\Application Data\Canon
2008-02-03 18:47 37,760 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
2007-09-08 19:43 37,760 ----a-w C:\Documents and Settings\Andrea\Application Data\GDIPFONTCACHEV1.DAT
2006-03-12 17:56 5,175,696 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CA4737B-AC52-4879-A945-5B036F3B6D55}]
C:\Program Files\MSN Gaming Zone\dimavegis89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57448B20-797C-41D1-AEBE-A07199875E44}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9dd999-2a46-4ccb-9056-d11f6dbed6f4}]
C:\WINDOWS\system32\clbshrb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 12:01 524288]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 15:00 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-03-26 23:28 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-03-26 23:20 106496]
"SoundMan"="SOUNDMAN.EXE" [2002-06-27 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-08 11:40 180269]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 11:21 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfe]
jkkkhfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ltorbyxa]
ltorbyxa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= wmv9vcm.dll
"vidc.tscc"= tsccvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
S3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 10:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 18:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 01:17:08 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 07:34:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TEMP\MU44FD.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-06 7:38:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 12:38:48
Pre-Run: 1,425,797,120 bytes free
Post-Run: 7,139,942,400 bytes free
.
2008-03-29 19:40:01 --- E O F ---

Attached Files



#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 07 April 2008 - 06:18 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\nhnnyyca.ini
C:\870.bat
C:\Documents and Settings\Robert\4825.bat
C:\WINDOWS\b.exe
C:\csrss.exe
C:\services.exe
C:\Documents and Settings\Robert\services.exe
C:\n.bat
C:\Documents and Settings\Robert\f.exe
C:\4654.bat
C:\Documents and Settings\Robert\4708.bat
C:\Documents and Settings\Andrea\8387.bat
C:\Documents and Settings\Andrea\services.exe
C:\6930.bat
C:\y.zip
C:\c.exe
C:\a.exe
C:\Documents and Settings\John\2572.bat
C:\b.exe
C:\Documents and Settings\John\services.exe
C:\Documents and Settings\John\6097.bat
C:\e.exe
C:\Documents and Settings\John\7966.bat
C:\Documents and Settings\John\6813.bat
C:\Documents and Settings\Andrea\3745.bat
C:\Program Files\MSN Gaming Zone\dimavegis89104.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\clbshrb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CA4737B-AC52-4879-A945-5B036F3B6D55}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57448B20-797C-41D1-AEBE-A07199875E44}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9dd999-2a46-4ccb-9056-d11f6dbed6f4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ltorbyxa]
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


====================



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 07 April 2008 - 07:29 PM

Thanks for your time, I am postng ComboFix, HiJackThis and DrWeb logs.
Lots of scary stuff!

HERE IS COMBOFIX #2:

ComboFix 08-04-04.1 - Robert 2008-04-07 6:32:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.51 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\4654.bat
C:\6930.bat
C:\870.bat
C:\a.exe
C:\b.exe
C:\c.exe
C:\csrss.exe
C:\Documents and Settings\Andrea\3745.bat
C:\Documents and Settings\Andrea\8387.bat
C:\Documents and Settings\Andrea\services.exe
C:\Documents and Settings\John\2572.bat
C:\Documents and Settings\John\6097.bat
C:\Documents and Settings\John\6813.bat
C:\Documents and Settings\John\7966.bat
C:\Documents and Settings\John\services.exe
C:\Documents and Settings\Robert\4708.bat
C:\Documents and Settings\Robert\4825.bat
C:\Documents and Settings\Robert\f.exe
C:\Documents and Settings\Robert\services.exe
C:\e.exe
C:\n.bat
C:\Program Files\MSN Gaming Zone\dimavegis89104.dll
C:\services.exe
C:\WINDOWS\b.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\clbshrb.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\nhnnyyca.ini
C:\y.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4654.bat
C:\6930.bat
C:\870.bat
C:\a.exe
C:\b.exe
C:\c.exe
C:\csrss.exe
C:\Documents and Settings\Andrea\3745.bat
C:\Documents and Settings\Andrea\8387.bat
C:\Documents and Settings\Andrea\services.exe
C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\think-adz.lnk
C:\Documents and Settings\John\2572.bat
C:\Documents and Settings\John\6097.bat
C:\Documents and Settings\John\6813.bat
C:\Documents and Settings\John\7966.bat
C:\Documents and Settings\John\services.exe
C:\Documents and Settings\John\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\John\Start Menu\Programs\Startup\think-adz.lnk
C:\Documents and Settings\Robert\4708.bat
C:\Documents and Settings\Robert\4825.bat
C:\Documents and Settings\Robert\f.exe
C:\Documents and Settings\Robert\services.exe
C:\e.exe
C:\n.bat
C:\services.exe
C:\WINDOWS\b.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\fjjmmqaw.ini
C:\WINDOWS\system32\ltorbyxa.dllbox
C:\WINDOWS\system32\nhnnyyca.ini
C:\WINDOWS\system32\uafoajwc.ini
C:\WINDOWS\system32\wejurtij.ini
C:\y.zip

.
((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.

2008-04-04 21:54 . 2008-04-04 21:54 <DIR> d-------- C:\Deckard
2008-03-29 14:38 . 2008-03-29 14:38 386 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 02:57 --------- d-----w C:\Program Files\Trend Micro
2008-04-05 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 19:07 118,343 ----a-w C:\WINDOWS\Fonts\x.zip
2008-03-03 23:35 --------- d-----w C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-03 23:03 95,296 ----a-w C:\WINDOWS\system32\micibbah.dll
2008-03-03 23:02 91,712 ----a-w C:\WINDOWS\system32\rgermywf.dll
2008-02-29 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 23:59 91,712 ----a-w C:\WINDOWS\system32\tmruklen.dll
2008-02-26 12:01 89,152 ----a-w C:\WINDOWS\system32\vivdaitv.dll
2008-02-26 11:55 91,712 ----a-w C:\WINDOWS\system32\qpcrrpvx.dll
2008-02-26 02:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 23:04 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-25 11:58 90,688 ----a-w C:\WINDOWS\system32\jamcrdnt.dll
2008-02-25 11:55 163,904 ----a-w C:\WINDOWS\system32\qfjyfwsa.dll
2008-02-24 19:11 --------- d-----w C:\Documents and Settings\Robert\Application Data\Canon
2008-02-23 22:49 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-02-03 18:47 37,760 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
2007-09-08 19:43 37,760 ----a-w C:\Documents and Settings\Andrea\Application Data\GDIPFONTCACHEV1.DAT
2006-03-12 17:56 5,175,696 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 12:01 524288]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 15:00 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-03-26 23:28 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-03-26 23:20 106496]
"SoundMan"="SOUNDMAN.EXE" [2002-06-27 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-08 11:40 180269]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 11:21 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= wmv9vcm.dll
"vidc.tscc"= tsccvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
S3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 10:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 18:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 01:17:08 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 06:36:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-07 6:37:45
ComboFix-quarantined-files.txt 2008-04-07 11:37:28
ComboFix2.txt 2008-04-06 12:39:01
Pre-Run: 7,126,667,264 bytes free
Post-Run: 7,108,141,056 bytes free
.
2008-03-29 19:40:01 --- E O F ---



HERE IS HIJACK:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:59 AM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_2_3_0.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_2_3_0.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_2_3_0.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 8210 bytes


HERE IS DRWEB:

#1 DVD Ripper 3.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
007 MP3 Sound Recorder v1.00.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
1st Email Address Verifier 2006.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
32bit Convert It vc9.92.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
3D Crazy Mechanic Clock Screensaver.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
3D Screensavers Space Tour collection.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
3D Space Screensaver 2.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
737 Pilot In Command.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
A-one DVD Copy v4.22.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
A-one DVD Creator v4.22.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Absolute DVD Copy v1.4.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Absolute Uninstaller v.2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Absolute Video Converter v2.5.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Absolute Video Converter v2.7.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Absolute Video Splitter Joiner v1.6.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AbsoluteTelnet ver 3.85.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Acala DVD Ripper v2.2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ACD Systems Canvas X 925.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ACD Systems FotoSlate v4.0.21.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ACDSee Photo Editor 4.0.211.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ace DVD Audio Extractor 1.2.26.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ace DVD Backup 1.2.32.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ace Pro Screensaver Creator 3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Acme Photo ScreenSaver Maker v1.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Active KeyBoard v3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ActiveExit XP 3.21.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ad Muncher ver. 4.7.18335 Beta.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AD Sound Recorder 3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AddSnippet 1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Adobe Flex Builder v2.0.143459 Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ADSL Kota v2.1 Pro.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Advanced e-Learning Builder 3.5.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Advanced e-Learning Builder 3.6.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Advanced Intuit Password Recovery 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Advanced MP3 Catalog Pro 3.35.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Advanced RAR Repair v1.1 Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Adware Spyware Be Gone 2.1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Age of Pirates Caribbean Tales - RELOADED.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AggPub v1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ahead DVD Ripper 2.4.2.09.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ahead DVD Ripper SE v2.3.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Aio Xp Helper.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AIPL Singulator 1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Airfoil 1.0 beta 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AirXonix 1.45.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AK Research NotesHolder 1.52.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alawar Arkanoid 4000 v1.20.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alchemy Mindworks Pagan Daybook 3 v5.0a21.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alfa Antiterror.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AlgoLab Photo Vector v1.98.49.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alien Shooter 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alive WMA MP3 Recorder v3.2.0.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alleysoft AutoRun Design Specialty.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Almeza MultiSet 4.1.185.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alpha Ball v1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ALSoft Duplicate File Detector 2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ALSoft Fast Printer Chooser 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ALSoft Slideshow Movie Producer 1.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ALSoft Video Converter 1.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Alteros 3D v2.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Amadis DVD Ripper Pro v1.2.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AMUST Registry Cleaner 3.50.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
An Introduction to Computer Simulation.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Animated GIF Producer.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Annapolis DVDRip Xvid.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Anti Tracks v5.9.8 Eclipse.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Aone Ultra AVI Converter v2.1.8 WinALL.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Apex Video Converter Pro v.5.84.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ApexSQL Clean v2005.07.0122.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ApexSQL Diff v2005.10.0198.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Aplus DVD to Divx Xvid Ripper 8.28.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Archivarius 3000 v3.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ardamax Keylogger v2.x-v2.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ArGoSoft Mail Server .NET Edition v1.0.1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Arial Audio Converter V2.3.48.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ashampoo Burning Studio v.7.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ashampoo Magic Defrag.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ashampoo UnInstaller Platinum 2 v2.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Astersoft DBF Doctor v1.68.54 Cracked.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Atani 4.2.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Atomic Clock Service v2.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Auction Auto Bidder 6.1.578.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Auction Wizard 2000 v2.3.252.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Audio Commander v3.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Audio Convertor Plus 2.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Audio Editor Gold v7.6.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Audio Editor Plus 2.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AudioList Plus v4.0.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Auto FTP Manager v3.40.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Autodesk AutoCAD Mechanical v2007.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Automatic Windows And Internet Washer v5.0.47.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AutoPatcher Win 2000 XP 2003 98 ME.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AutoRun Design Specialty v7.0.6.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AutoRun Pro v6.0.0.40.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Avatar The Last AirBender.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AVI ToolBox v.1.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Avira Premium Security Suite 2008 7.06.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Avira Premium Security Suite 8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
AxySoft AirXoniX v1.45.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Backline American Records Vol 32.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Bad Cd Repair Pro v 4.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Balloon Blast v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Bambi II 2006 Sapphire XVID DVDRip.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Basic Inventory Control v5.0.120.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Batch Image Resizer 2.88.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Batch Video Joiner v1.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Batch Watermark Creator 5.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Batch WMV to AVI MPEG WMV VCD SVCD DVD 3.5.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Battlefield 2142 - Razor 1911.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BayGenie eBay Auction Sniper Pro Edition v2.8.4.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Belltech Greeting Cards Designer v3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Belltech Greeting Cards Designer v4.0.rar.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Best Uninstaller 2.12.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Better JPEG.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Biathlon Champion 2007 GERMAN.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BitComet 0.61.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Blacksun Software Disk Recon v3.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Blaze 3D Studio v1.5.0.216.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BlazingTools Perfect Keylogger v1.6.6.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Book Collector Pro v5.0.1 © 2007.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BookBag Plus v4.1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Boxed Screensaver v.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Brasfoot 2006.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Breeze Browser v2.11 (Full).exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Broken Sword I - II and III.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BS 1 Professional 2007.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BS-1 Accounting 2007.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BS-1 Enterprise with Manufacturing 2007.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BS1 General Ledger 2007.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
BSplayer Pro v2.0 Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Business Letter Pro 2006 5.2.0.0 Full.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CachemanXP 1.1.2.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Caesar IV - RELOADED.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cam Upload v1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CaptureXT Screen Capture 2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Casino Island To Go.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Catz 6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Championship Manager 01-02.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Championship Manager 06.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Change Case of Directory Names 7.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Charm Real Converter Pro 6.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cheetah DVD Burner v1.53.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Civil Air Patrol - CRIME.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Clean Space Ultimate v11.00.1605.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CleanCenter Full.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cleanerzoomer v3.64a.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Clipboard Box V3.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CodeLocker v2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CoffeeCup Flash Form Builder ver. 4.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CoffeeCup Live Chat v4.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Computer Security Tool v4.0.0.57.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Converio v2.2.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cool All Video Audio to MP3 WAV Converter v2.55.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cool MP3 Splitter v2.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cool Music Card v3.60.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CopyKiller 3.99 (pre 4.0).exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
CopyPod Photo 1.10.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Corel® Photo Album™ 6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Cossacks 2 Battle For Europe-DIE.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Crypto System Personal v1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
D-Route Light 2007.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Daily Bible and Prayer v. 2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Dameware NT Utilities 6.7.0.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DAP v8.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Dark Files v4.0.1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DDD Pool v1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Deckadance 1.20.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Design Color Wheel 1.00.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DialogBlocks v4.10.UNICODE.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DialupMaster 1.3 Pocket PC.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Digital ObjectRescue Professional 4.5.169.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Direct Stream Recorder.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Disk Drive Security 1.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Disk Drive Security 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DiskEncryptor 1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Divcom Software Active Tray 2.2.5.1028.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Dokmee Professional v.1.9.2.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Dominoes For Windows v5.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Dplot 2.1.1.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DSL Speed 3.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Duke Nukem 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Duke Nukem 3D.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DupExplorer 1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DVD Rip Factory Pro 8.0.10.10.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DVD to iPod Video Converter Suite v3.15.3.26 Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DVD-Cloner IV v4.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DVD2oneX v2.0.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
DVDFab Platinum 3.1.0.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy Drive Lock 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy DVD to DivX VCD SVCD Converter Version 3.0.48.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy DVD to VCD Burner v2.0.57.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy DVD-Video Copy v3.0.33.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy File Sharing FTP Server 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy Music CD Burner v3.0.23.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy Real Converter v1.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Easy Video To iPod MP4 PSP 3GP Converter 1.2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
EasyImage Batch v1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
EasyWay 1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
EMS Data Comparer 2007 for Oracle 2.0.0.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Enterprise Threat Shield v3.00.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Error Repair Pro 1.1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ESET NOD32 Antivirus 3.0.636.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Europa Universalis III PL.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Event Horizon DVDRip Xvid.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Evidence Destructor v2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ExamDiff Pro v3.42.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Express Archiver v3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Express Burn Plus.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Express Plus v2.1.2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
EzyTuner 1.36.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Fake Webcam 3.9.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Family 2007 PersonalFinance R06.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Farcry iSO.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FarStone DriveClone Pro Server v5.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Fast Recorder v3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FeedForAll 2.0.2.9.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FileMaker Pro 8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FileMatrix v8.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FileName Pro 2.0.17.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FindDoubleFiles 1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Flash Favorite v1.6.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Flash2Video v2.26.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Folder Security Personal v.4.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FolderHighlight 1.4.1128.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FolderNews 1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Font Fitting Room Deluxe v2.8.2.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FontExplorerL.M. v4.2.2 Build 1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Football Manager 2007 v7.0.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Football Mogul 2007 RELOADED.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ford Racing 3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Forex Tester Pro 1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Fox Video Capture Convert Burn Studio 7.9.6.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Foxmail Backup Expert 1.12.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
FTPRush 1.0.0605 UNICODE.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Fun Morph 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Galactic Civilizations II Dread Lords-RELOADED iSO.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Galaxy Journey 3D Screensaver 1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Game Key Revealer 0.2.05.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Gangsters 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Genie Backup Manager Professional v7.0.138.309.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
GetData Recover My Files 3.98.5178.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Glucose Tracker v5.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
GPSMapEdit 1.0.31.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
GrabJPG 2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Gradekeeper 6.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Graphe Easy v2.20.0.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
GROUND ZERO GENESIS OF A NEW WORLD GERMAN-POSTMORTEM.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Hando Video Converter Pro v2.5.0.1200.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Happy Birthday v1.0 XP.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Hard Drive Inspector 2.0.317.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HDClone v3.1.11 Pro.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Headsoft Clone Cleaner Pro v1.02.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Hearts of Iron - Armageddon.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Hex Workshop 4.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HidesFiles 1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HiFi Recorder 1.1.0.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Hiren's BootCD 9.4 2008.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Hoodwinked DVDR.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HOYLE GAMES 2007.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HyperSnap-DX 6.10.02 WORKING.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HyperSnap-DX v5.60.06.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
HyperSnap-DX v5.63.00.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ID Folder Protector 1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ID Registry Cleaner 1.2.2b.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ID USB Lock Key 1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
iDesksoft Desktop Icon Toy 3.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Idm Ultraedit v11.10B Plus 1 German.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Image Grabber II.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Image Sizer 1.04.18.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO AVI To DVD Converter v1.0.00.1201B.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO DivX To DVD Converter v2.0.00.1202B.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO DVD Creator 2.0.13 build-0915.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO DVD Creator v1.0.00.1129B.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO DVD to DivX Converter 4.0.57 build-1018.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO DVD To DivX Converter v4.0.28.1201.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO DVD to iPod Converter 4.0.56 build-0928.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO iPod Computer Transfer 2.0.86.02.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ImTOO MPEG To DVD Converter v1.0.00.1201B.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Instant Color Picker v2.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Internet Trace Destroyer 1.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Jig Art Quest v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
JimsQuest Woofpool 2006 v11.10.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Juiced iSO.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kari Virtual Girlfriend 2.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kaspersky Anti-Virus 7.0.1.325.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kaspersky Internet Security 7.0.1.325.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
KGB Archiver 1.2.1.24.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
KGB SPy.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kingdia DVD Audio Ripper 3.0.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kingdia DVD Ripper 3.0.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kingdia DVD Ripper 3.0.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Kings Quest 8 The Mask Of Eternity.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
KLS Backup 2006 Professional.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
KungFu Master v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Lady Fantasy Screensaver v.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Lan2net NAT Firewall 1.7.00.0135.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Lock My Computer 3.60.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Magic ISO Maker 5.4.255.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Media Show Pro v1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MediaMonkey 2.5.1.934.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Medieval 2 Total War GERMAN.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Melomania v.1.75.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Microsoft Money 2006 Small Business.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Microsoft Windows Server 2003 R2 Datacenter Edition.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Mind Travel Screensaver v.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Mini Talking Expression 2.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MiniPortal v1.3.9.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
mIRC 6.16.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
mIRC Power Pack 8.00.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MobiSystems MSDict Viewer v7.00.04 PalmOS.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Moleskinsoft Clone Remover v1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Morgan JPEG ToolBox v2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Mortal Kombat 1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Mortal Kombat 3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Moyea DVD Ripper 1.6.1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MP3 Sound Cutter Classic v1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MP3 Splitter & Joiner 3.03 Build 1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Mp3 Wav Studio v5.76 build6010.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MP3Resizer 1.8.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Multi Password Recovery.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
MuPAD Pro v4.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Need for Speed Carbon.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
NetLimiter Pro v2.0.9.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Network File Monitor Pro v2.21.11.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
NetWorx 3.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
New Star Soccer 3.16.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
NewLive All Media Fixer Pro v7.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Nice Recorder v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
NoAdware 5.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Norton GoBack 4.0 Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Nsauditor Network Security Auditor 1.5.9.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
OOBOX iTuner 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Opera 8.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
OrangeNettrace 2006 v2.15.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
OrangeProcesstrace 2006 v2.15.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Outlook Express Protector 1.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
OUTRUN 2006 MULTI-TECHNiC.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
P2P TV Recorder 1.63.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Pacific General.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PacMan World Rally.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PADexpress 1.43.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PassMan Plus For Windows.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Password Protector v1.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PasswordWiz 1.0.0.9.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Patch Tweak XP Pro 4.0.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PC Auto Shutdown v3.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PC Tools File Recover v5.0.1.15.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PDF Converter 4.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PDF Enhancer 3.1.160.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PDF Image Stamp v1.00.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PDF Merge Split 1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PECompact v2.79 Final Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Personal PC Spy 1.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Photo Gadget Pro 2.3 Build 070327.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Photo Shaman v1.8T.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Photo Show 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Photocopier Pro v3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Photoplorer v1.17.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Photoplorer v2.04h.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Picture Doctor v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Picture Resize Genius 2.5.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Pixel Creator Pro v4.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PixFiler 5.0.11.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Plato DVD Copy v4.38.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Plato DVD Ripper v1.29.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PostSmile 6.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Power Data Recovery 4.0.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Power Video Converter 1.5.24.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PowerISO 3.7.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
PowerKey Encryption Toolkit 2.11.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Prince Of Persia 3 The Two Thrones.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Privacy Inspector v1.70.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Privacy Shield v3.0.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Pro Stroke Golf World Tour 2007.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ProClassify v1.4.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Project IGI 2 Covert Strike.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ProPoster 2.01.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Proxy Finder Enterprise v1.90.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Quake 4 MAC.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Rally Trophy iSO.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RAM Booster .Net 3.1 Released.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RAM Booster Pro 5.0.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ram Saver Pro 7.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RapidKill PRO 5.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RapidRefresh 1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RAR Password Cracker v 4.12.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RealDRAW 4 Pro.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Recover My Files.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Registry Operator 3.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Restorator 2.50.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RoadRash 2000.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Robin Hoods Quest.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Rocket Bowl v1.2.r136.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Roni Music Amazing Slow Downer 3.1.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RSS Edit 1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
RSS Submit 2.27.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Safarp 0.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SafeBit 1.7.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Sagasoft MP3 Cutter v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Sagasoft MP3 Joiner v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SAS Anti-Terror Force.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SecretDrive 1.02.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Secura Archiver v1.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Sensible Soccer 2006-RELOADED iSO.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Sensible Sudoku 2 SmartPhone.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Sensible Sudoku 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Simple CD DVD Menu 1.3.4.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Simple CD DVD Menu v1.3.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Site Map Pro 2.2.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Smart Wedding 4.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Snappy Fax Network Server 2.6.1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SoftPerfect Traffic Meter 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Sonic PDF Creator 1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Space Rangers 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Speed CD Ripper v1.0.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Speed DVD Creator v2.33.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Speed Video Splitter v2.1.9.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SpellForce 2 - Shadow Wars iSO.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Spellforce 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Split PDF v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SpyRemover v2.62.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SpySweeper v5.0.7.1608(Full).exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SQL Server Backup v6.1.2.1086.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
StartClean v1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Strategic Command 2 Blitzkrieg.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Strike Ball 2.13 Deluxe.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Bikes Riding Challenge - iTWINS.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Explorer 1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Internet TV v.6.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Screen Recorder 2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Text Search 2.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Utilities Pro 2008 7.8.1983.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Super Video Joiner v2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Supreme Commander.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
SWF Encrypt v3.x.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
The Avionics Handbook.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
The Lord Of The Rings Battle For Middle Earth 2 - The Witch.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
The Privacy Guard v1.5.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Tinynice MP3Cutter v2.51.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Toolbar Studio v1.5.4.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Top Spin 2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Total Game Control v3.3.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Tracker Checker 1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Treasure of Persia v1.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
TrialReset v3.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Tropical Dream Screensaver 1.2.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Tunebite Platnium v5.0.330.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ultimate Mortal Kombat 3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
UltimateDefrag v1.32.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ultra avi converter v2.2.2 winall.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Ultra MPEG Converter v1.8.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
UltraCompare Professional v3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
UltraISO Media Edition 7.6.0.1081.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Undercover Operation Wintersonne.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Unrelated Inventions Audio Tools v5.3.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Video Convert Master 3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Video Convert Premier 8.0.10.25.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Video To Audio Converter v1.30.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Video to FLV Converter.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ViVi MP4 Converter v2.0.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Vopt 8.18 (portable).exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Webcam Zone Trigger v1.8.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
webcamXP PRO 2006.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WeBuilder 2006 7.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Webyog Sqlyog V4.07 Enterprise Edition.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Win AntiSpyware 2006 v3.2.101.0 Retail.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WinFTP Server 2.0.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Winter Sports.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Winter Town 3D Screensaver GENERIC.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WinTools.net Professional 9.2.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WinZip 10.0 Deutsch.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WinZip Pro v11.0.7313.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WireKeys 3.5.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WiseDesktop 1.5.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Wolfenstein 3D.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WorldWide FTP v2.43.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
XChat 2.8.3b.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Xeru Image Converter v1.1.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Xilisoft DVD Ripper 4.0.74 build-0419.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Xilisoft DVD Ripper Platinum 5.0.27.01.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Xilisoft DVD Ripper Platinum 5.0.27.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Xilisoft Video Converter 3.1.52.201.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Xlight FTP Server 2.83 Professional.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
XYplorer 5.10.0004.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
xzxzxzxzxzxz.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Yahoo Widgets Engine 3.0.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
YoutubeGet 4.2.6.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
Zone Labs All In One.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
ZoneAlarm Pro 6.0.591.002 beta.exe;C:\Documents and Settings\John\Shared\_;Trojan.MulDrop.3338;Deleted.;
WkUFind.exe;C:\Program Files\Common Files\Microsoft Shared\Works Shared;Trojan.Packed.409;Deleted.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;;
a.exe.vir;C:\QooBox\Quarantine\C;Trojan.DownLoader.49432;Deleted.;
b.exe.vir;C:\QooBox\Quarantine\C;Trojan.Virtumod.240;Deleted.;
csrss.exe.vir;C:\QooBox\Quarantine\C;Trojan.MulDrop.12058;Deleted.;
e.exe.vir;C:\QooBox\Quarantine\C;Trojan.Virtumod.240;Deleted.;
services.exe.vir;C:\QooBox\Quarantine\C;Trojan.DownLoader.50050;Deleted.;
winlogon.exe.vir\data001;C:\QooBox\Quarantine\C\winlogon.exe.vir;Tool.FirePassword;;
winlogon.exe.vir\data002;C:\QooBox\Quarantine\C\winlogon.exe.vir;Tool.Netpass;;
winlogon.exe.vir\data003;C:\QooBox\Quarantine\C\winlogon.exe.vir;Tool.PassView;;
winlogon.exe.vir;C:\QooBox\Quarantine\C;Archive contains infected objects;Moved.;
f.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Robert;Tool.FirePassword;;
strpmon.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\StorageProtector;Trojan.MulDrop.10998;Deleted.;
MyToolBar.dll.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\{382F5~1;Adware.IWantSearch;;
lacusylag.dll.vir;C:\QooBox\Quarantine\C\Program Files\ComPlus Applications;Trojan.StartPage.19992;Deleted.;
lacusylag460.dll.vir;C:\QooBox\Quarantine\C\Program Files\ComPlus Applications;Trojan.StartPage.19992;Deleted.;
lacusylag801.dll.vir;C:\QooBox\Quarantine\C\Program Files\ComPlus Applications;Trojan.StartPage.19992;Deleted.;
tk58.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.StartPage.19993;Deleted.;
bawavukn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.269;Deleted.;
bdrwsmhr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.280;Deleted.;
khfddda.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.240;Deleted.;
khfgdde.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.240;Deleted.;
opnolih.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.286;Deleted.;
pmnmkjj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.240;Deleted.;
vturpop.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.240;Deleted.;
nGpxx182328.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx18;Trojan.DownLoader.24715;Deleted.;
asappsrv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\Um9iZXJ0IENsdW5l;Trojan.Proxy.493;Deleted.;
command.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Um9iZXJ0IENsdW5l;Trojan.Proxy.493;Deleted.;
A0410340.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1169;Trojan.MulDrop.3338;Deleted.;
A0411266.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1169;Trojan.DownLoader.38523;Deleted.;
A0411267.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1169;Trojan.Virtumod.240;Deleted.;
A0411271.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1169;Trojan.DownLoader.24715;Deleted.;
A0411275.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1169;Trojan.DownLoader.45546;Deleted.;
A0411314.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1171;Trojan.DnsChange;Deleted.;
A0412255.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1171;Trojan.Virtumod.274;Deleted.;
A0412264.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1171;Trojan.DownLoader.38523;Deleted.;
A0412265.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1171;Trojan.Virtumod.240;Deleted.;
A0412269.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1171;Trojan.DownLoader.45546;Deleted.;
A0412293.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1172;BackDoor.Cookies;Deleted.;
A0414325.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1174;Trojan.DownLoader.38523;Deleted.;
A0414327.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1174;Trojan.Virtumod.240;Deleted.;
A0415297.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1174;Trojan.Virtumod.272;Deleted.;
A0416305.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1174;Trojan.DownLoader.45546;Deleted.;
A0416310.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1174;Trojan.DownLoader.24715;Deleted.;
A0416311.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1174;Trojan.DownLoader.45546;Deleted.;
A0416321.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1175;Trojan.DownLoader.38523;Deleted.;
A0416323.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1175;Trojan.Virtumod.240;Deleted.;
A0416324.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1175;Tool.FirePassword;;
A0417327.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1176;Trojan.DownLoader.49432;Deleted.;
A0417354.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1176;Trojan.DownLoader.49432;Deleted.;
A0418353.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1176;Trojan.DownLoader.49432;Deleted.;
A0418355.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1176;Trojan.DownLoader.45546;Deleted.;
A0419473.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1178;Trojan.StartPage.19993;Deleted.;
A0419476.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1178;Trojan.DownLoader.24715;Deleted.;
A0420478.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1178;Trojan.StartPage.19993;Deleted.;
A0420485.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.45546;Deleted.;
A0420495.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.45546;Deleted.;
A0420496.exe\data001;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179\A0420496.exe;Tool.FirePassword;;
A0420496.exe\data002;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179\A0420496.exe;Tool.Netpass;;
A0420496.exe\data003;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179\A0420496.exe;Tool.PassView;;
A0420496.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Archive contains infected objects;Moved.;
A0420497.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.45546;Deleted.;
A0420512.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.45546;Deleted.;
A0420516.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.49432;Deleted.;
A0420521.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.24715;Deleted.;
A0420522.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1179;Trojan.DownLoader.45546;Deleted.;
A0422531.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1182;Trojan.DownLoader.45546;Deleted.;
A0422534.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1182;Trojan.MulDrop.3338;Deleted.;
A0422537.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1182;Trojan.Virtumod.260;Deleted.;
A0422538.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1182;Trojan.Virtumod.240;Deleted.;
A0422553.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1183;Trojan.DownLoader.45546;Deleted.;
A0422554.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1183;Trojan.DownLoader.45546;Deleted.;
A0422555.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1183;Trojan.MulDrop.13671;Deleted.;
A0422580.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1186;Adware.Mirarbar;;
A0422584.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1186;Adware.ZenoSearch;;
A0423665.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.MulDrop.10998;Deleted.;
A0423671.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.StartPage.19993;Deleted.;
A0423672.exe\data001;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192\A0423672.exe;Tool.FirePassword;;
A0423672.exe\data002;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192\A0423672.exe;Tool.Netpass;;
A0423672.exe\data003;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192\A0423672.exe;Tool.PassView;;
A0423672.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Archive contains infected objects;Moved.;
A0423675.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.269;Deleted.;
A0423676.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.280;Deleted.;
A0423677.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.240;Deleted.;
A0423678.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.240;Deleted.;
A0423679.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.286;Deleted.;
A0423680.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.240;Deleted.;
A0423683.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Virtumod.240;Deleted.;
A0423686.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Proxy.493;Deleted.;
A0423687.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.StartPage.19992;Deleted.;
A0423688.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.StartPage.19992;Deleted.;
A0423689.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.StartPage.19992;Deleted.;
A0423690.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Adware.IWantSearch;;
A0423691.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.DownLoader.24715;Deleted.;
A0423692.dll;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Trojan.Proxy.493;Deleted.;
A0423695.bat;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Probably BATCH.Virus;;
A0423707.EXE;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Program.PsExec.170;;
A0423728.bat;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1192;Probably SCRIPT.Virus;;
A0423766.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.DownLoader.49432;Deleted.;
A0423767.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.Virtumod.240;Deleted.;
A0423769.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.12058;Deleted.;
A0423780.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Tool.FirePassword;;
A0423782.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.Virtumod.240;Deleted.;
A0423784.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.DownLoader.50050;Deleted.;
A0423795.EXE;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Program.PsExec.170;;
A0423798.bat;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Probably BATCH.Virus;;
A0423804.bat;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Probably SCRIPT.Virus;;
A0423826.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423827.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423828.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423829.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423830.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423831.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423832.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423833.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423834.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423835.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423836.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423837.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423838.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423839.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423840.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423841.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423842.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423843.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423844.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423845.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423846.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423847.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423848.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423849.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423850.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423851.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423852.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423853.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423854.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423855.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423856.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423857.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423858.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423859.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423860.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423861.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423862.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423863.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423864.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423865.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423866.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423867.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423868.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423869.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423870.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423871.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423872.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423873.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423874.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423875.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423876.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423877.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423878.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423879.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423880.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423881.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423882.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423883.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423884.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423885.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423886.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423887.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423888.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423889.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423890.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423891.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423892.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423893.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423894.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423895.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423896.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423897.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423898.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423899.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423900.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423901.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423902.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423903.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423904.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423905.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423906.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423907.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423908.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423909.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423910.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423911.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423912.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423913.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423914.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423915.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423916.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423917.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423918.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423919.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423920.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423921.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423922.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423923.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423924.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423925.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423926.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423927.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423928.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423929.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423930.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423931.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423932.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423933.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423934.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423935.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423936.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423937.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423938.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423939.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423940.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423941.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423942.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423943.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423944.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423945.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423946.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423947.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423948.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423949.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423950.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423951.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423952.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423953.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423954.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423955.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423956.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423957.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423958.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423959.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423960.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423961.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423962.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423963.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423964.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423965.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423966.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423967.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423968.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423969.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423970.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423971.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423972.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423973.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423974.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423975.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423976.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423977.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423978.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423979.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423980.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423981.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423982.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423983.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423984.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423985.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423986.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423987.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423988.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423989.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423990.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423991.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423992.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423993.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423994.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423995.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423996.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423997.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423998.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0423999.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424000.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424001.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424002.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424003.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424004.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424005.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424006.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424007.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424008.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424009.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424010.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424011.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424012.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424013.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424014.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424015.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424016.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424017.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424018.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424019.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424020.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424021.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424022.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424023.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424024.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424025.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424026.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424027.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424028.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424029.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424030.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424031.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424032.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424033.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424034.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424035.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424036.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424037.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424038.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424039.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424040.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424041.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424042.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424043.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424044.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424045.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424046.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424047.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424048.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424049.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424050.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424051.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424052.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424053.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424054.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424055.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424056.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424057.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424058.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424059.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424060.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424061.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424062.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424063.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424064.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424065.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424066.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424067.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424068.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424069.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424070.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424071.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424072.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424073.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424074.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424075.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424076.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424077.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424078.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424079.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424080.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424081.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424082.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424083.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424084.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424085.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424086.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424087.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424088.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424089.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424090.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424091.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424092.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424093.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424094.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424095.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424096.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424097.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424098.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424099.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424100.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424101.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424102.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424103.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424104.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424105.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424106.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424107.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424108.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424109.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424110.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424111.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424112.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424113.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424114.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424115.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424116.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424117.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424118.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424119.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424120.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424121.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424122.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424123.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424124.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424125.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424126.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424127.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424128.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424129.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424130.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424131.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424132.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424133.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424134.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424135.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424136.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424137.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424138.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424139.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424140.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424141.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424142.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424143.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424144.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424145.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424146.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424147.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424148.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424149.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424150.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424151.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424152.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424153.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424154.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424155.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424156.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424157.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424158.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424159.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424160.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424161.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424162.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424163.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424164.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424165.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424166.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424167.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424168.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424169.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424170.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424171.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424172.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424173.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424174.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424175.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424176.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424177.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424178.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424179.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424180.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424181.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424182.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424183.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424184.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424185.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424186.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424187.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424188.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424189.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424190.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424191.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424192.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424193.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424194.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424195.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424196.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424197.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424198.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424199.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424200.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424201.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424202.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424203.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424204.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424205.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424206.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424207.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424208.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424209.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424210.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424211.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424212.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424213.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424214.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424215.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424216.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424217.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424218.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424219.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424220.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424221.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424222.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424223.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424224.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424225.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424226.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424227.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424228.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424229.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424230.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424231.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424232.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424233.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424234.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424235.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424236.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424237.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424238.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424239.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424240.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424241.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424242.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424243.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424244.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424245.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424246.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424247.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424248.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424249.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424250.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424251.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424252.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424253.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424254.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424255.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424256.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424257.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424258.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424259.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424260.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424261.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424262.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424263.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424264.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424265.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424266.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424267.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424268.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424269.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424270.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424271.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424272.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424273.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424274.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424275.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424276.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424277.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424278.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424279.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424280.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424281.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424282.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424283.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424284.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424285.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424286.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424287.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424288.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424289.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424290.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424291.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424292.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424293.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424294.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424295.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424296.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424297.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424298.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424299.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424300.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424301.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424302.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424303.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424304.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424305.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424306.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424307.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424308.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424309.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424310.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424311.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424312.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424313.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424314.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.MulDrop.3338;Deleted.;
A0424315.exe;C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP1193;Trojan.Packed.409;Deleted.;
elitesix.ocx;C:\WINDOWS;Adware.MediaMotor;;
extract.exe;C:\WINDOWS;Trojan.MulDrop.4313;Deleted.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;;
flash.inf;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.3634;Deleted.;
jamcrdnt.dll;C:\WINDOWS\system32;Trojan.Virtumod.274;Deleted.;
qfjyfwsa.dll;C:\WINDOWS\system32;Trojan.Virtumod.260;Deleted.;
qpcrrpvx.dll;C:\WINDOWS\system32;Trojan.Virtumod.280;Deleted.;
rgermywf.dll;C:\WINDOWS\system32;Trojan.Virtumod.280;Deleted.;
tmruklen.dll;C:\WINDOWS\system32;Trojan.Virtumod.280;Deleted.;
vivdaitv.dll;C:\WINDOWS\system32;Trojan.Virtumod.337;Deleted.;
revbodr3.exe;C:\WINDOWS\system32\ff3;Trojan.DownLoader.5013;Deleted.;
iDlo182328.exe;C:\WINDOWS\system32\iDlo18;Trojan.DownLoader.24715;Deleted.;
marbdrive91.exe;C:\WINDOWS\system32\jk5;Trojan.DownLoader.38523;Deleted.;

Attached Files



#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 08 April 2008 - 06:00 AM

Let's see what your combofix log looks like now that Dr Web cleaned out a bunch of stuff for you.
And how is your computer working now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 08 April 2008 - 07:22 AM

Hi Sam
Computer is running much faster, but I have a couple of questions.
I tried to run ComboFix another time. It does not run. It starts as usual but then it just quits. Is that normal? I posted the ComboFix log #2 (before I ran DrWeb) last time.
I ran Spybot last night and it came up with Media.Motor and Mirar again. When I tried to remove them, it locked up the computer when trying to create a restore point.
When I try to run Trend OfficeScan Client, I get an alert message that says "The kernal drivers are not available. (Error code = -2002) Please check with your system administrator." What should I do about that? I use Trend as my antivirus software.
I want to check an external hard drive (I downloaded files to it from this computer). What programs should I use? Will malware and viruses attach to word docs or Itunes songs?
Thanks again for your time, expertise and help.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 09 April 2008 - 06:31 AM

When I try to run Trend OfficeScan Client, I get an alert message that says "The kernal drivers are not available. (Error code = -2002) Please check with your system administrator." What should I do about that? I use Trend as my antivirus software.

You may just need to reboot your computer to clear a file that's in use.

Were you able to get combofix to run yet. If not, try renaming combofix.exe to cf.exe and then run it.
We just need to see what's still left after running DrWeb.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 09 April 2008 - 06:33 AM

I want to check an external hard drive (I downloaded files to it from this computer). What programs should I use? Will malware and viruses attach to word docs or Itunes songs?

As long as your external drive is connected you should be able to scan it with any antivirus or antispyware application you have installed. The malware that I've seen in your logs should not attach to word documents or music files. It's still a good idea to scan everything there just to be safe though.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 09 April 2008 - 06:49 AM

Hi Sam
I am rerunning all programs with my external hard drive connected. DrWeb is running right now (75% done).

Spybot removed MediaMoter and Mirar, again.

I will rename combofix to cf and try to run it. If that does not work, then should I download a new version? I know that you gave me some commands to drag into combofix. Will that have to be done again if I download a new copy of combofix?

I rebooted and Trend still gives me same message. I think I will have to uninstall and download new.

Thanks again for your help.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 09 April 2008 - 07:09 AM

Can you post for me the exact files or registry entries that Spybot keeps finding?

You don't have to drag anything over this time for Combofix. Just double click to run it and then let it do it's thing. You can try downloading a new copy of combofix. Here's the link.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

I'm hearing a lot of issues lately with Trend Micro. I think you may be on the right track with a reinstallation.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 09 April 2008 - 07:27 AM

SPYBOT found 9 problems in registry change (and said it fixed them).

MediaMotor: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1654611430-2347880737-2159391913-1005\Software\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mmohsix.com\*!=W=4

MediaMotor: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1654611430-2347880737-2159391913-1005\Software\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\media-motor.net\*!=W=4

MediaMotor: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1654611430-2347880737-2159391913-1005\Software\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\elitemediagroup.net\*!=W=4

Mirar: User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mirarsearch.com\redirect\https!=W=4

Mirar: User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mirarsearch.com\redirect\http!=W=4

Mirar: User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mirarsearch.com\click\https!=W=4

Mirar: User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mirarsearch.com\redirect\http!=W=4

Mirar: User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\getmirar.com\click\https!=W=4

Mirar: User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\getmirar.com\click\http!=W=4

#13 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 09 April 2008 - 08:20 AM

Also...Downloaded new version of ComboFix and here is Log:

ComboFix 08-04-08.10 - Robert 2008-04-09 8:09:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.75 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 03:01 . 2008-04-09 03:04 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-07 06:52 . 2008-04-07 09:06 <DIR> d-------- C:\Documents and Settings\Robert\DoctorWeb
2008-04-04 21:54 . 2008-04-04 21:54 <DIR> d-------- C:\Deckard
2008-03-29 14:38 . 2008-03-29 14:38 386 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 12:10 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-09 00:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-05 02:57 --------- d-----w C:\Program Files\Trend Micro
2008-03-29 19:07 118,343 ----a-w C:\WINDOWS\Fonts\x.zip
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 23:35 --------- d-----w C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-03 23:03 95,296 ----a-w C:\WINDOWS\system32\micibbah.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 23:04 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-24 19:11 --------- d-----w C:\Documents and Settings\Robert\Application Data\Canon
2008-02-23 22:49 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-03 18:47 37,760 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
2007-09-08 19:43 37,760 ----a-w C:\Documents and Settings\Andrea\Application Data\GDIPFONTCACHEV1.DAT
2006-03-12 17:56 5,175,696 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_ 7.38.20.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-27 00:12:55 288,712 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 08:21:10 288,712 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 12:01 524288]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 15:00 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-03-26 23:28 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-03-26 23:20 106496]
"SoundMan"="SOUNDMAN.EXE" [2002-06-27 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-08 11:40 180269]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 11:21 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
S3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 10:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 18:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 01:17:08 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 08:13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 8:15:56
ComboFix-quarantined-files.txt 2008-04-09 13:15:49
ComboFix2.txt 2008-04-07 11:37:47
ComboFix3.txt 2008-04-06 12:39:01
Pre-Run: 6,909,128,704 bytes free
Post-Run: 6,897,737,728 bytes free
.
2008-04-09 08:05:03 --- E O F ---

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:13 AM

Posted 09 April 2008 - 05:49 PM

First let's take care of the spybot issue for you.


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Registry::
[-HKEY_USERS\S-1-5-21-1654611430-2347880737-2159391913-1005\Software\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mmohsix.com]
[-HKEY_USERS\S-1-5-21-1654611430-2347880737-2159391913-1005\Software\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\media-motor.net]
[-HKEY_USERS\S-1-5-21-1654611430-2347880737-2159391913-1005\Software\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\elitemediagroup.net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\mirarsearch.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Internet Settins\Zonemap\Domains\getmirar.com]
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.


===================


There are a couple files that show up in your log that I'd like to get some more info on. Please go to http://www.virustotal.com/ and submit both of these files to be scanned. Once you send them in be patient as they are scanned. It may take a few minutes.

C:\WINDOWS\Fonts\x.zip

C:\WINDOWS\system32\micibbah.dll


When the scan is complete, copy the text and paste it back here in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 cluner

cluner
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 09 April 2008 - 09:03 PM

Hi Sam
Again, I cannot thank you enough.
Ran ComboFix again. Results follow.
Ran Virustotal for C:\WINDOWS\system32\micibbah.dll. Results also follow.
I could not find C:\WINDOWS\Fonts\x.zip when I tried to upload to Virustotal. That was disappointing because I know there is a ton of files hiding in there. (When I ran Trend, I saw it scanning thousands of ZIP files).

COMBOFIX:

ComboFix 08-04-08.10 - Robert 2008-04-09 20:31:13.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.83 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 03:01 . 2008-04-09 03:04 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-07 06:52 . 2008-04-07 09:06 <DIR> d-------- C:\Documents and Settings\Robert\DoctorWeb
2008-04-04 21:54 . 2008-04-04 21:54 <DIR> d-------- C:\Deckard
2008-03-29 14:38 . 2008-03-29 14:38 386 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 12:10 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-09 00:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-05 02:57 --------- d-----w C:\Program Files\Trend Micro
2008-03-29 19:07 118,343 ----a-w C:\WINDOWS\Fonts\x.zip
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 23:35 --------- d-----w C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-03 23:03 95,296 ----a-w C:\WINDOWS\system32\micibbah.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 23:04 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-24 19:11 --------- d-----w C:\Documents and Settings\Robert\Application Data\Canon
2008-02-23 22:49 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-03 18:47 37,760 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
2007-09-08 19:43 37,760 ----a-w C:\Documents and Settings\Andrea\Application Data\GDIPFONTCACHEV1.DAT
2006-03-12 17:56 5,175,696 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 12:01 524288]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 15:00 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-03-26 23:28 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-03-26 23:20 106496]
"SoundMan"="SOUNDMAN.EXE" [2002-06-27 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-08 11:40 180269]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 11:21 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
S3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 10:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 18:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 01:17:08 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.


VIRUSTOTAL:

File micibbah.dll received on 04.10.2008 03:50:38 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 23/32 (71.88%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 47 and 68 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2008.4.9.0 2008.04.09 -
AntiVir 7.6.0.81 2008.04.09 TR/Vundo.Gen
Authentium 4.93.8 2008.04.10 -
Avast 4.8.1169.0 2008.04.09 Win32:TratBHO
AVG 7.5.0.516 2008.04.09 Lop
BitDefender 7.2 2008.04.10 Trojan.Vundo.EBH
CAT-QuickHeal 9.50 2008.04.10 -
ClamAV 0.92.1 2008.04.10 Trojan.Vundo-1765
DrWeb 4.44.0.09170 2008.04.09 Trojan.Virtumod.based
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5686 2008.04.10 Win32/Vundo.QM
Ewido 4.0 2008.04.09 -
F-Prot 4.4.2.54 2008.04.08 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13260.0 2008.04.10 Vundo.gen90
FileAdvisor 1 2008.04.10 -
Fortinet 3.14.0.0 2008.04.09 -
Ikarus T3.1.1.26.0 2008.04.10 Trojan.Vundo.EBH
Kaspersky 7.0.0.125 2008.04.10 Packed.Win32.Monder.gen
McAfee 5270 2008.04.09 -
Microsoft 1.3408 2008.04.10 Trojan:Win32/Vundo.gen!D
NOD32v2 3014 2008.04.09 Win32/BHO.NCC
Norman 5.80.02 2008.04.09 Vundo.gen90
Panda 9.0.0.4 2008.04.10 Spyware/Virtumonde
Prevx1 V2 2008.04.10 Trojan.Vundo
Rising 20.39.22.00 2008.04.10 AdWare.Win32.Virtumonde.ggi
Sophos 4.28.0 2008.04.10 Troj/Virtum-Gen
Sunbelt 3.0.1032.0 2008.04.08 -
Symantec 10 2008.04.10 Trojan.Vundo
TheHacker 6.2.92.271 2008.04.10 Adware/Virtumonde.gen
VBA32 3.12.6.4 2008.04.06 AdWare.Win32.Virtumonde.gen
VirusBuster 4.3.26:9 2008.04.09 Adware.Vundo.Gen!Pac.18
Webwasher-Gateway 6.6.2 2008.04.09 Trojan.Vundo.Gen
Additional information
File size: 95296 bytes
MD5...: 5cc4f08bdae2e06feb75a7b38c6390db
SHA1..: 724da58e3e2421519f4542b9263aacec463dd1bc
SHA256: 3e26e790c7e57c412923ebf4608c8f513b74a3c8e7f0dd0f40c3add64582648d
SHA512: a7117b7e1832a311762c548995bc888927d94d88b82f2fb6b2372ad3b036f6d7
9c9b17709e9ea81db4a753f55caa7d81acead89f3ff4f043d44fc814721213c9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100011aa
timedatestamp.....: 0x47a21a45 (Thu Jan 31 18:58:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a000 0x5400 7.01 6c4d97e557e8be1128729e7d1552e6f6
.data 0x1b000 0x12000 0x11200 8.00 506655315e670412816ef17ac3ce9060
.rdata 0x2d000 0x1000 0x400 7.40 010709f5dae6b39b67431bfb3546f6bc
.idata 0x2e000 0x1000 0x600 2.61 8562c67a3952c5c3526c8153c8c5b895

( 2 imports )
> user32.dll: EmptyClipboard, EnableScrollBar, EndDeferWindowPos, DrawTextA, EndPaint, FillRect, DrawStateA, DispatchMessageA, DestroyIcon, DefDlgProcA, CreateIcon, CopyImage, CloseWindow, EndMenu, CharToOemBuffA
> kernel32.dll: lstrcatA, SetCurrentDirectoryA, GetModuleHandleA, GetFileSize, GetDateFormatA, EnumResourceLanguagesW, CloseHandle, lstrlenA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...F6DA6007D868F47




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users