
Blue Error Screen


25 replies to this topic

#1 bona


Posted 08 February 2006 - 08:06 PM

My friend's computer gets a blue error screen whenever he starts it up regularly. The screen says the following: A PROBLEM HAS BEEN DETECTED AND WINDOWS HAS BEEN SHUT DOWN TO PREVENT DAMAGE TO YOUR COMPUTER. (BEGINNING DUMP OF PHYSICAL MEMORY... PHYSICAL MEMORY DUMP COMPLETE)

He is only able to start in SAFE MODE if he wants to use HijackThis. Any Help Would be great.

Logfile of HijackThis v1.99.1
Scan saved at 8:23:15 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Joe Landino\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0A0FA6D3-7DBF-FB29-F288-6D037519C144} - C:\WINDOWS\system32\syshg32.dll
O2 - BHO: Class - {23448DC9-3E89-9556-DAA1-31611C8C8C86} - C:\WINDOWS\ipvy32.dll
O2 - BHO: Class - {30D69B85-EE43-35E6-D2B5-25DF6A5DEDBF} - C:\WINDOWS\ienk32.dll
O2 - BHO: Class - {366A5CC1-428B-8EB8-6255-9B4D25C2A8EC} - C:\WINDOWS\system32\syshg32.dll
O2 - BHO: Class - {8A805C25-C0B7-1426-1D24-BC93152A99CA} - C:\WINDOWS\system32\ntsx.dll
O2 - BHO: Class - {95C2E350-02E5-F766-2847-040897D53CA0} - C:\WINDOWS\system32\ieiz32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C24DF449-6E92-EE5A-3AB6-7339624FBDA9} - C:\WINDOWS\ntac32.dll
O2 - BHO: Class - {E427A02F-1232-BA73-9E20-9935E73BA465} - C:\WINDOWS\sysbr32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HSM] C:\docume~1\joelan~1\locals~1\temp\HSM.exe
O4 - HKLM\..\Run: [Mxfmnd] C:\Program Files\Otra\Ylwavq.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Run Manager - Critical] C:\WINDOWS\syss32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\12.tmp.exe
O4 - HKLM\..\Run: [13.tmp] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\12.tmp.exe
O4 - HKLM\..\Run: [13.tmp.exe] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [mfcfa.exe] C:\WINDOWS\mfcfa.exe
O4 - HKLM\..\Run: [sysbc.exe] C:\WINDOWS\system32\sysbc.exe
O4 - HKLM\..\Run: [ntqr.exe] C:\WINDOWS\system32\ntqr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [crek32.exe] C:\WINDOWS\system32\crek32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcptr.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fq.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Joe Landino\Local Settings\Temporary Internet Files\Content.IE5\FHLV0MIJ\SFUninstaller[1].exe" service (file missing)



#2 OldTimer

    Malware Expert

Posted 12 February 2006 - 01:59 PM

Hello bona and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).

Download CCleaner and install it but do not run it yet.

Download WinPFind.zip and unzip the contents to the C:\ folder. Now download the file attached to the bottom of this post (CWSClean.txt) to the folder c:\WinPFind\Plugins and rename it to CWSClean.def.

Double-click WinPfind.exe in the c:\WinPFind folder and click the Configure Scan Options button. On the Configuration page click the 2 buttons named Remove All at the bottom of the screen. Then on the right-hand side under the Run AddOn's checkbox click in the checkbox in front of CWSClean.def to select it and then click the Apply button. Now, back on the main screen click the Start Scan button. It should only take a second or 2 and when finished close WinPFind.

Step #2

Restart in Safe Mode
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0A0FA6D3-7DBF-FB29-F288-6D037519C144} - C:\WINDOWS\system32\syshg32.dll
O2 - BHO: Class - {23448DC9-3E89-9556-DAA1-31611C8C8C86} - C:\WINDOWS\ipvy32.dll
O2 - BHO: Class - {30D69B85-EE43-35E6-D2B5-25DF6A5DEDBF} - C:\WINDOWS\ienk32.dll
O2 - BHO: Class - {366A5CC1-428B-8EB8-6255-9B4D25C2A8EC} - C:\WINDOWS\system32\syshg32.dll
O2 - BHO: Class - {8A805C25-C0B7-1426-1D24-BC93152A99CA} - C:\WINDOWS\system32\ntsx.dll
O2 - BHO: Class - {95C2E350-02E5-F766-2847-040897D53CA0} - C:\WINDOWS\system32\ieiz32.dll
O2 - BHO: Class - {C24DF449-6E92-EE5A-3AB6-7339624FBDA9} - C:\WINDOWS\ntac32.dll
O2 - BHO: Class - {E427A02F-1232-BA73-9E20-9935E73BA465} - C:\WINDOWS\sysbr32.dll
O4 - HKLM\..\Run: [HSM] C:\docume~1\joelan~1\locals~1\temp\HSM.exe
O4 - HKLM\..\Run: [Mxfmnd] C:\Program Files\Otra\Ylwavq.exe
O4 - HKLM\..\Run: [Run Manager - Critical] C:\WINDOWS\syss32.exe
O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\12.tmp.exe
O4 - HKLM\..\Run: [13.tmp] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\12.tmp.exe
O4 - HKLM\..\Run: [13.tmp.exe] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [mfcfa.exe] C:\WINDOWS\mfcfa.exe
O4 - HKLM\..\Run: [sysbc.exe] C:\WINDOWS\system32\sysbc.exe
O4 - HKLM\..\Run: [ntqr.exe] C:\WINDOWS\system32\ntqr.exe
O4 - HKLM\..\Run: [crek32.exe] C:\WINDOWS\system32\crek32.exe
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcptr.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fq.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Joe Landino\Local Settings\Temporary Internet Files\Content.IE5\FHLV0MIJ\SFUninstaller[1].exe" service (file missing)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\system32\rgwmv.dll
C:\WINDOWS\system32\syshg32.dll
C:\WINDOWS\system32\ntsx.dll
C:\WINDOWS\system32\ieiz32.dll
C:\WINDOWS\system32\sysbc.exe
C:\WINDOWS\system32\ntqr.exe
C:\WINDOWS\system32\crek32.exe
C:\WINDOWS\System32\wcptr.exe
C:\WINDOWS\ipvy32.dll
C:\WINDOWS\ienk32.dll
C:\WINDOWS\ntac32.dll
C:\WINDOWS\sysbr32.dll
C:\WINDOWS\syss32.exe
C:\WINDOWS\mfcfa.exe
C:\WINDOWS\d3fq.exe
C:\Program Files\Otra\ <--folder
C:\Program Files\Ebates_MoeMoneyMaker\ <--folder

Step #5

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6

Run CWShredder
  • Double-click on CWShredder.exe.
  • Click "Fix ->" and click "OK" at the prompt.
  • CWShredder will scan and clean your system of CWS files.
  • Click "Next->" and then "Exit".

Step #7

Reboot normally and run at least 2 of the following on-line virus scans:
  • Bitdefender <<<Add a check by 'Autoclean'.
  • eTrust <<<'Cure' whatever is found, then delete if unsuccessful
  • Housecall <<<Put on 'Autoclean' and delete what it can't clean.
  • Panda ActiveScan <<<Accept default settings

If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Step #8

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates.

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

Step #9

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with the file from WinPFind (c:\winpfind\WinPFind.txt) and details of any problems you encountered performing the above steps and I will review it when it comes in.

OT

Edited by OldTimer, 12 February 2006 - 02:01 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
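
As an added example (not part of the original posts, and not OldTimer's or HijackThis's own logic): a small Python triage pass over HijackThis item lines that surfaces the kinds of entries selected in the fix list above. The heuristics and all function names are assumptions made for illustration; the sample lines are copied from the first log in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Sample input: item lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rgwmv.dll/sp.html#93256%http://bulktom.com/r/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0A0FA6D3-7DBF-FB29-F288-6D037519C144} - C:\WINDOWS\system32\syshg32.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\JOELAN~1\LOCALS~1\Temp\12.tmp.exe
O4 - HKLM\..\Run: [sysbc.exe] C:\WINDOWS\system32\sysbc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fq.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O4", "O23"
    body: str     # everything after "<section> - "


LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# A binary sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (no subfolder).
WIN_ROOT_RE = re.compile(r"^c:\\windows\\(?:system32\\)?[^\\]+\.(?:exe|dll)$", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
BHO_RE = re.compile(r"^BHO:\s*(.*?)\s*-\s*\{[0-9A-Fa-f-]+\}\s*-\s*(.*)$")
RUN_RE = re.compile(r"^[^:]*:\s*\[(.*?)\]\s*(.*)$")


def parse_log(text: str) -> List[Entry]:
    """Keep only item lines ("O4 - ..."); header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def image_path(command: str) -> str:
    """Best effort: the executable path of a command line, minus quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].partition('"')[0]
    m = re.match(r"(.+?\.(?:exe|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def reasons(e: Entry) -> List[str]:
    """Assumed heuristics; each hit is a prompt for manual review, not a verdict."""
    out = []
    if "(file missing)" in e.body or e.body.endswith("(no file)"):
        out.append("orphaned entry: target file no longer exists")
    if e.section in ("R0", "R1"):
        if e.body.partition(" = ")[2].lower().startswith("res://"):
            out.append("IE search/start setting points into a local DLL resource")
    elif e.section == "O2":
        m = BHO_RE.match(e.body)
        if m and m.group(1) in ("Class", "(no name)") and WIN_ROOT_RE.match(m.group(2)):
            out.append("unnamed BHO loaded straight from the Windows directory")
    elif e.section == "O4":
        m = RUN_RE.match(e.body)
        if m:
            name, path = m.group(1), image_path(m.group(2))
            if TEMP_RE.search(path):
                out.append("autostart image lives in a Temp directory")
            if WIN_ROOT_RE.match(path) and name.lower() == path.rpartition("\\")[2].lower():
                out.append("Run value named after its own binary in the Windows directory")
    elif e.section == "O23":
        owner_unknown = " - Unknown owner - " in e.body
        if owner_unknown and WIN_ROOT_RE.match(e.body.rpartition(" - ")[2]):
            out.append("service with no vendor string, binary in the Windows directory")
    return out


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every item line that trips at least one rule."""
    flagged = []
    for e in parse_log(text):
        why = reasons(e)
        if why:
            flagged.append((e, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section:>3}  {entry.body}")
        for r in why:
            print(f"       -> {r}")
```

Entries such as Default_Page_URL = about:blank, which the fix list above also selects, pass these rules unflagged, so the output complements a manual read of the log rather than replacing it.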


#3 bona


Posted 12 February 2006 - 08:45 PM

Can't find CWSSHREDDER.EXE anywhere. I tried the link you provided and it just was nowhere to be found. If you have the file anywhere to download... that would be awesome.

Thanks.

#4 OldTimer

    Malware Expert

Posted 13 February 2006 - 04:42 PM

Hi bona. Very strange. I just downloaded it and it worked fine. The file comes directly from TrendMicro.

If you are unable to download it we could try AboutBuster and see how it handles the infection. Follow these directions for downloading and running and substitute them in the appropriate places in the fix.

To download AboutBuster

Download About:Buster.zip and unzip it to its own directory. Start AboutBuster and click the Ok button. Now click the Update button and then the Check for Update button. If an update is available click the Download Update button. When the updates have been downloaded close AboutBuster (do not run it yet).

To run AboutBuster

Run AboutBuster and save the logs:
  • Browse to where you saved AboutBuster and run AboutBuster.exe.
  • Click "OK" at the directions Read: Important! prompt.
  • Click the Update button to check for updates and install any that are available.
  • Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
  • Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
  • Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
  • Click "Exit" and "Exit" again to exit AboutBuster.

Cheers.

OT

#5 bona


Posted 14 February 2006 - 09:24 AM

Hey you're right. The download worked this time. Thanks so much for the help. I am going to go finish the original instructions you gave me using the CWShredder. I will post a log very soon of HijackThis. Oh and his computer is able to turn on now without a blue screen error... and that's after just half of the directions you gave me. Everything is working great so far. I'll post soon.

Thanks,
Bona

#6 bona


Posted 15 February 2006 - 06:56 PM

I was able to do the steps as you specified. The computer will now turn on, finally not in safe mode. The online scan found about 800 viruses and two of them could not be removed. I even tried to remove them manually. Attached you will find the eTrust scan, the two viruses it didn't remove, and also the WinPFind txt file. This seems to have done some good except when we start the computer it just doesn't seem to finish loading. The task bar stops working (the programs do not load and the clock freezes). We just have to reset it or shut it down. So basically we can only still work in safe mode, which is where I will be submitting this HijackThis log from. Sorry for the story... but thank you for your time.

Logfile of HijackThis v1.99.1
Scan saved at 4:20:21 PM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Joe Landino\Desktop\hijackthis\Landino\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6F8EC736-6522-74CB-8763-5B86830D7656} - C:\WINDOWS\ntkn.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [atldu32.exe] C:\WINDOWS\system32\atldu32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [netyk.exe] C:\WINDOWS\netyk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\wintg.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Joe Landino\Local Settings\Temporary Internet Files\Content.IE5\FHLV0MIJ\SFUninstaller[1].exe" service (file missing)

WinPFind File:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking Selected Startup Folders

Checking Selected Registry Keys


<<<<<<<<<< Checking for AddOn CWSClean.def information >>>>>>>>>>
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ 11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ 11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW !

Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/14/2006 3:46:22 PM


eTrust Scan

Scan Results: 47982 files scanned. 737 viruses were detected.

A0197281.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197282.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197283.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197284.dll Win32.Winshow.IN infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197285.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197286.dll Win32.Winshow.IN infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197287.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197288.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197289.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197290.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197291.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197292.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197293.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197294.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197295.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197296.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197297.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197298.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197299.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197300.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197301.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197302.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197303.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197304.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197305.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197306.dll Win32.Winshow.IN infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197307.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197308.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197309.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197310.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197311.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197312.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197313.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197314.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197315.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197316.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197317.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197318.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197319.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197320.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197321.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197322.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197323.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197324.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197325.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197326.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197327.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197328.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197329.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197330.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197331.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197332.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197333.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197335.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197336.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197337.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197338.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197339.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197340.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197341.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197342.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197343.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197344.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197345.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197346.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197347.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197348.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197349.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197350.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197351.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197352.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197353.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197354.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197355.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197356.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197357.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197358.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197359.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197360.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197361.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197362.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197363.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197364.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197365.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197366.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197367.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197368.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197369.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197370.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197371.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197372.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197373.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197374.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197375.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197376.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197377.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197378.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197379.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197380.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197381.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197382.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197383.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197384.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197385.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197386.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197387.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197388.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197389.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197391.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197392.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197393.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197394.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197395.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197396.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197397.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197398.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197399.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197400.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197401.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197402.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197403.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197404.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197405.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197406.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197407.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197408.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197409.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197410.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197411.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197412.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197413.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197414.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197415.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197416.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197417.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197418.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197419.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197420.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197421.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197422.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197423.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197424.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197425.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197426.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197427.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197428.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197429.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197430.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197431.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197432.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197433.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197434.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197435.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197436.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197437.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197438.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197439.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197440.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197441.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197442.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197443.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197444.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197445.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197446.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197447.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197448.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197449.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197450.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197451.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197452.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197453.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197454.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197455.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197456.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197457.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197458.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197459.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197460.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197461.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197462.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197463.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197464.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197465.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197466.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197467.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197468.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197469.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197470.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197471.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197472.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197473.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197474.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197475.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197476.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197477.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197478.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197479.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197480.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197481.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197482.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197483.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197484.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197485.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197486.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197487.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197488.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197489.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197490.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197491.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197492.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197493.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197494.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197495.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197496.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197497.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197498.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197499.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197500.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197501.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197502.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197503.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197504.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197505.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197506.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197507.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197508.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197509.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\

#7 OldTimer

Posted 16 February 2006 - 05:01 PM

Hi bona. The information is too long to get into 1 post and was cut off. Please break it up into individual posts for HijackThis, the eTrust scan and the WinPFind log.

Thanks.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#8 bona

Posted 16 February 2006 - 08:20 PM

Sorry. Here we go.

Logfile of HijackThis v1.99.1
Scan saved at 4:20:21 PM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Joe Landino\Desktop\hijackthis\Landino\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mpylc.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6F8EC736-6522-74CB-8763-5B86830D7656} - C:\WINDOWS\ntkn.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [atldu32.exe] C:\WINDOWS\system32\atldu32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [netyk.exe] C:\WINDOWS\netyk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\wintg.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Joe Landino\Local Settings\Temporary Internet Files\Content.IE5\FHLV0MIJ\SFUninstaller[1].exe" service (file missing)

#9 bona

Posted 16 February 2006 - 08:21 PM

WinPFind scan:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking Selected Startup Folders

Checking Selected Registry Keys


<<<<<<<<<< Checking for AddOn CWSClean.def information >>>>>>>>>>
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ 11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ 11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11F#`I;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11F#`I !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE !
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW;Delete;
Error deleting registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW !

Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/14/2006 3:46:22 PM

#10 bona

Posted 16 February 2006 - 08:23 PM

eTrust Scan:

Scan Results: 47982 files scanned. 737 viruses were detected.

A0197375.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197376.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197377.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197378.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197379.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197380.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197381.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197382.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197383.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197384.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197385.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197386.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197387.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197388.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197389.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197391.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197392.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197393.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197394.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197395.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197396.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197397.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197398.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197399.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197400.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197401.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197402.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197403.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197404.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197405.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197406.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197407.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197408.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197409.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197410.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197411.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197412.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197413.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197414.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197415.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197416.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197417.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197418.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197419.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197420.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197421.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197422.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197423.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197424.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197425.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197426.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197427.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197428.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197429.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197430.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197431.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197432.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197433.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197434.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197435.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197436.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197437.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197438.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197439.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197440.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197441.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197442.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197443.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197444.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197445.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197446.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197447.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197448.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197449.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197450.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197451.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197452.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197453.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197454.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197455.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197456.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197457.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197458.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197459.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197460.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197461.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197462.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197463.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197464.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197465.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197466.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197467.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197468.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197469.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197470.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197471.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197472.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197473.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197474.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197475.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197476.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197477.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197478.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197479.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197480.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197481.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197482.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197483.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197484.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197485.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197486.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197487.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197488.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197489.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197490.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197491.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197492.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197493.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197494.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197495.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197496.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197497.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197498.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197499.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197500.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197501.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197502.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197503.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197504.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197505.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197506.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197507.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197508.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197509.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197510.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197511.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197512.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197513.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197514.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197515.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197516.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197517.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197518.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197519.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197520.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197521.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197522.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197523.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197524.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197525.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197526.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197527.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197528.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197529.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197530.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197531.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197532.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197533.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197534.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197535.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197536.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197537.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197538.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197539.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197541.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197542.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197543.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197544.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197545.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197546.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197547.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197548.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197549.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197550.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197551.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197552.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197553.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197554.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197555.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197556.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197557.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197558.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197559.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197560.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197561.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197562.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197563.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197564.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197565.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197566.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197567.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197568.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197569.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197570.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197571.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197572.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197573.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197574.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197575.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197576.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197577.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197578.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197579.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197580.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197581.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197582.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197583.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197584.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197585.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197586.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197587.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197588.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197589.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197590.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197591.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197592.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197593.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197594.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197595.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197596.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197597.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197598.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197599.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197600.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197601.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197602.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197603.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\

#11 bona

Posted 16 February 2006 - 08:24 PM

A0197898.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197899.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197900.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197901.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197902.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197903.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197904.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197905.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197906.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197907.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197908.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197909.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197910.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197911.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197912.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197913.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197914.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197915.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197916.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197917.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197918.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197919.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197920.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197921.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197922.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197923.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197924.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197925.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197926.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197927.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197928.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197929.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197930.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197931.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197932.dll Win32.Winshow.IN infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197933.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197934.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197935.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197936.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197937.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197938.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197939.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197940.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197941.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197942.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197943.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197944.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197945.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197946.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197947.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197948.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197949.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197950.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197951.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197952.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197953.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197954.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197955.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197956.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197957.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197958.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197959.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197962.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197963.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197964.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197965.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197966.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197967.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197968.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197969.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197970.exe Win32.Winshow.IS infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197971.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197972.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197973.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197974.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197975.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197976.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197977.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197978.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197979.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197980.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197981.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197982.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197983.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0197984.exe Win32.Winshow.IT infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
A0199273.exe Win32.Winshow.IU infected C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1025\
netyk.exe Win32.Winshow.IU infected C:\WINDOWS\
appay.exe Win32.Winshow.IS infected C:\WINDOWS\SYSTEM32\
iedk32.exe Win32.Winshow.IS infected C:\WINDOWS\SYSTEM32\
mpylc.dll Win32.Startpage.TF infected C:\WINDOWS\SYSTEM32\
winvt32.exe Win32.Winshow.IS infected C:\WINDOWS\

#12 bona

Posted 16 February 2006 - 08:26 PM

Here's what wouldn't delete from eTrust... and the computer still won't load the taskbar programs on the right-hand side at startup. Clock still freezes. Only works in Safe Mode. Sorry about the long posts.

Thank you.

eTrust... Not Deleted

netyk.exe Win32.Winshow.IU cannot delete C:\WINDOWS\
appay.exe Win32.Winshow.IS cannot delete C:\WINDOWS\SYSTEM32\

#13 OldTimer

Posted 18 February 2006 - 09:47 PM

Hi bona. Ok, let's run a full scan with WinPFind.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here and I will review the information when it comes in.

OT

#14 bona

Posted 25 February 2006 - 03:33 PM

I will have the WinPFind scan posted soon. Sorry for the delay. I haven't had access to that computer in a bit.

#15 bona

Posted 28 February 2006 - 02:32 PM

We are able to turn the computer on in regular mode finally. Still popups with web browsing and I imagine a few leftover viruses. Here is the WinPFind scan:

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PTech 4/14/2004 7:36:24 PM H 3002873 C:\kyf.dat

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
qoologic 11/17/2004 12:38:20 AM 3237 C:\WINDOWS\actnnn.dll
abetterinternet.com 11/17/2004 12:38:20 AM 3237 C:\WINDOWS\actnnn.dll
aspack 9/20/2004 10:59:18 PM 192000 C:\WINDOWS\ANCHORMAN_SS_1.scr
aspack 9/20/2004 10:59:12 PM 535040 C:\WINDOWS\flashax.exe

Checking %System% folder...
UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 1/25/2006 12:24:32 AM 91136 C:\WINDOWS\SYSTEM32\frxdqao.exe
PTech 1/12/2006 11:32:12 AM 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 12/22/2005 8:46:00 AM 91136 C:\WINDOWS\SYSTEM32\mdekjcp.exe
PECompact2 2/8/2006 12:23:40 AM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2/8/2006 12:23:40 AM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/28/2006 2:10:36 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
2/28/2006 2:24:26 PM H 24 C:\WINDOWS\psJsK
2/28/2006 2:10:44 PM H 54156 C:\WINDOWS\QTFont.qfn
2/14/2006 3:53:52 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\438592bd0a35d9254fb9860cffa394f2\BIT5.tmp
1/3/2006 1:17:06 PM S 8792 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911564.cat
1/4/2006 12:39:38 AM S 11223 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911927.cat
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/13/2006 2:28:32 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
2/28/2006 2:24:54 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
2/28/2006 2:10:38 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
2/28/2006 2:11:22 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
2/28/2006 2:24:54 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
2/28/2006 2:13:56 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
2/24/2006 8:30:26 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
2/12/2006 10:09:34 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\0ebc11d0-a753-4831-b545-c5b62acb5852
2/12/2006 10:09:34 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
2/28/2006 2:10:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT
2/15/2006 4:11:16 PM HS 616448 C:\WINDOWS\Temp\xrbz3pxy.TMP

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/15/2005 9:36:22 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/31/2001 9:02:02 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
8/16/2004 6:05:54 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
7/31/2002 11:24:20 AM 875 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/31/2001 8:53:44 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
8/13/2003 11:29:48 PM 12 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt

Checking files in %USERPROFILE%\Startup folder...
8/31/2001 9:02:02 AM HS 84 C:\Documents and Settings\Joe Landino\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
8/31/2001 8:53:44 AM HS 62 C:\Documents and Settings\Joe Landino\Application Data\DESKTOP.INI
11/10/2004 5:46:14 PM 65024 C:\Documents and Settings\Joe Landino\Application Data\GDIPFONTCACHEV1.DAT
1/23/2006 11:33:54 PM 784 C:\Documents and Settings\Joe Landino\Application Data\mpauth.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
FunWebProducts =
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{07AB41D0-0E74-476E-B629-DDAE84C68986} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gmknmm
{4ee3c67d-4fe6-49a8-a4d5-a0321d3e71fd} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
NAV Agent C:\PROGRA~1\NORTON~1\navapw32.exe
atldu32.exe C:\WINDOWS\system32\atldu32.exe
netyk.exe C:\WINDOWS\netyk.exe
sdksr32.exe C:\WINDOWS\sdksr32.exe
windr32.exe C:\WINDOWS\system32\windr32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Ultimate Popup Killer C:\Program Files\Ultimate Popup Killer\Popupkiller.exe

Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
ares "C:\Program Files\Ares Lite Edition\Ares.exe" -h

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/28/2006 2:25:08 PM



