Author Topic: Outgoing e-mail Spam!  (Read 1415 times)

AntonioGG
« on: November 13, 2005, 11:23:50 PM »
Hi, my computer sends hundreds of emails (upon internet connection). I'm sure it's a kind of Trojan virus that installs with its own smtp engine. Norton Internet Security can't help me - every time after scan it says: system clean, but it's not.
I have seen the same topic already (a couple weeks ago), but that guy didn't point clearly how to cope with it.
Could you help me pleeeeease?! I include the hijackthis log below (my primary XP system is on D: drive, secondary win98 is on C: drive)


Logfile of HijackThis v1.99.1
Scan saved at 6:42:12, on 14.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINXP\system32\spoolsv.exe
D:\WINXP\Explorer.exe
D:\WINXP\System32\kernels32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINXP\System32\PDesk\PDesk.exe
D:\WINXP\System32\kxmixer.exe
D:\WINXP\System32\kernels32.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
D:\WINXP\System32\ctfmon.exe
D:\WINXP\System32\wіnspool.exe
D:\Program Files\oeaa\mcal.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
D:\PROGRA~1\Magic\Magic.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\WINXP\System32\mgabg.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINXP\system32\srvany.exe
D:\WINXP\system32\resetservice.exe
D:\WINXP\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
D:\Program Files\Norton Internet Security Professional\AlertAst.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\OPScan.exe
D:\WINXP\system32\NOTEPAD.EXE
D:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
F2 - REG:system.ini: Shell=Explorer.exe D:\WINXP\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88504FB7-B568-DB9C-03D2-85B3CB547DFF} - D:\WINXP\System32\eyqxni.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {B87D7FBF-982D-9EAE-2EE7-B29E8A6050CF} - D:\WINXP\System32\eyqxni.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Радио - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINXP\Updreg.exe
O4 - HKLM\..\Run: [DevconDefaultDB] D:\WINXP\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINXP\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [kX Mixer] D:\WINXP\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [System] D:\WINXP\System32\kernels32.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "D:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Hlcve] D:\WINXP\System32\wіnspool.exe
O4 - HKCU\..\Run: [Tern] "D:\Program Files\oeaa\mcal.exe" -vt mt
O4 - Startup: Magic.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINXP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINXP\web\related.htm
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {8CF9043D-68DD-49E7-BE1D-AF21A3188EF2} (FilialRemoteMonitoring Class) - https://www.impexbank.ru/rmc/battle/FilialRCon.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=5049
O20 - Winlogon Notify: reset5 - D:\WINXP\SYSTEM32\reset5.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINXP\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINXP\System32\imapi.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - D:\WINXP\System32\mgabg.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - D:\WINXP\System32\mnmsrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Служба сетевого DDE (NetDDE) - Корпорация Майкрософт - D:\WINXP\system32\netdde.exe
O23 - Service: Диспетчер сетевого DDE (NetDDEdsdm) - Корпорация Майкрософт - D:\WINXP\system32\netdde.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINXP\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINXP\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown owner - D:\WINXP\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Модуль поддержки смарт-карт (SCardDrv) - Корпорация Майкрософт - D:\WINXP\System32\SCardSvr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINXP\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINXP\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - D:\WINXP\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINXP\System32\wbem\wmiapsrv.exe

guestolo
« Reply #1 on: November 13, 2005, 11:53:09 PM »
Can you do the following please

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the "check for updates now" link and Connect to download the latest updates
Don't run a scan yet


Download and save to desktop
FixBlast.exe from Symantec's
Don't run it yet

Download and UNZIP to desktop Deldomains.zip
So you now have DelDomains.inf extracted

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode
Run FixBlast.exe and allow to scan your drive and fix what it finds

When it's done

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do another scan with Hijackthis and put a check next to these entries:

F2 - REG:system.ini: Shell=Explorer.exe D:\WINXP\System32\kernels32.exe

O2 - BHO: (no name) - {88504FB7-B568-DB9C-03D2-85B3CB547DFF} - D:\WINXP\System32\eyqxni.dll (file missing)

O2 - BHO: (no name) - {B87D7FBF-982D-9EAE-2EE7-B29E8A6050CF} - D:\WINXP\System32\eyqxni.dll (file missing)

O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe

O4 - HKLM\..\Run: [System] D:\WINXP\System32\kernels32.exe
O4 - HKCU\..\Run: [Hlcve] D:\WINXP\System32\wіnspool.exe
O4 - HKCU\..\Run: [Tern] "D:\Program Files\oeaa\mcal.exe" -vt mt

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINXP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINXP\web\related.htm

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=5049


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

==Right Click on DelDomains.inf>>Choose Install from the menu bar
This will delete all your Trusted and Ranges entries


Reboot back to normal mode

Post a new hijackthis log and the whole report from Ewido
« Last Edit: November 13, 2005, 11:57:17 PM by guestolo »
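
The entries ticked in the reply above fall into a few recognisable patterns, shown here as an added example that is not part of the original post or of HijackThis itself. The rule names, `review()` and the other helpers are hypothetical; the sample lines are copied from the first log in this thread, and the Cyrillic letter in the `wіnspool.exe` autorun is written as an escape so the look-alike character is visible.

```python
import re
import unicodedata

# Lines copied from the first HijackThis log in this thread. The file name
# in the [Hlcve] entry contains U+0456 (Cyrillic "i") in place of Latin "i".
SAMPLE_LOG = "\n".join([
    r"F2 - REG:system.ini: Shell=Explorer.exe D:\WINXP\System32\kernels32.exe",
    r"O2 - BHO: (no name) - {88504FB7-B568-DB9C-03D2-85B3CB547DFF} - "
    r"D:\WINXP\System32\eyqxni.dll (file missing)",
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - "
    r"D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll",
    "O4 - HKCU\\..\\Run: [Hlcve] D:\\WINXP\\System32\\w\u0456nspool.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINXP\System32\ctfmon.exe",
    r"O15 - Trusted Zone: *.windupdates.com",
    r"O15 - Trusted IP range: 67.19.178.84",
])

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A single file name (no path separators or spaces) with a binary extension.
FILE_RE = re.compile(r"[^\\/\s\"]+\.(?:exe|dll|ocx)", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, text) pairs for every section line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def letter_scripts(name):
    """Scripts used by the letters of one file name, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in name if ch.isalpha()}


def review(log_text):
    """Flag entries for manual review; returns (code, rule, text) tuples."""
    findings = []
    for code, text in parse_entries(log_text):
        # Shell= should launch Explorer.exe only; anything appended to it
        # also runs at every logon.
        if code == "F2" and "Shell=" in text:
            shell = text.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((code, "shell-extra", text))
        # Browser helper object registered but its DLL is gone.
        if code == "O2" and text.endswith("(file missing)"):
            findings.append((code, "missing-file", text))
        # Trusted Zone sites and IP ranges (what DelDomains.inf clears).
        if code == "O15":
            findings.append((code, "trusted-zone-entry", text))
        # Mixed scripts inside ONE file name suggest a look-alike name.
        # Checking per file name, not per line, avoids false positives on
        # localized Windows where descriptions are legitimately non-Latin.
        for name in FILE_RE.findall(text):
            if len(letter_scripts(name)) > 1:
                findings.append((code, "mixed-script-name", text))
                break
    return findings


if __name__ == "__main__":
    for code, rule, text in review(SAMPLE_LOG):
        print(f"{code:4} {rule:20} {text.encode('unicode_escape').decode()}")
```

A hit only marks a line for a human to look at; it does not identify the file as malicious.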



AntonioGG
« Reply #2 on: November 14, 2005, 07:23:01 PM »
Hi
guestolo, first of all thank you very much for your quick reply!
Well, I did exactly what you said step-by-step, but the problem still remains. So I don't know what to do with that damned outgoing e-mail spamming... :-(

Below are the logs of hijackthis and ewido.


Logfile of HijackThis v1.99.1
Scan saved at 3:10:36, on 15.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINXP\system32\spoolsv.exe
D:\WINXP\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINXP\System32\PDesk\PDesk.exe
D:\WINXP\System32\kxmixer.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
D:\WINXP\System32\ctfmon.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
D:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXKERNL.Exe
D:\PROGRA~1\ICQ\ICQ.exe
D:\PROGRA~1\Magic\Magic.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINXP\System32\mgabg.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINXP\system32\srvany.exe
D:\WINXP\system32\resetservice.exe
D:\WINXP\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
D:\HJT\HijackThis.exe
D:\WINXP\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Радио - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINXP\Updreg.exe
O4 - HKLM\..\Run: [DevconDefaultDB] D:\WINXP\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINXP\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [kX Mixer] D:\WINXP\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "D:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Magic.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {8CF9043D-68DD-49E7-BE1D-AF21A3188EF2} (FilialRemoteMonitoring Class) - https://www.impexbank.ru/rmc/battle/FilialRCon.cab
O20 - Winlogon Notify: reset5 - D:\WINXP\SYSTEM32\reset5.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINXP\system32\services.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINXP\System32\imapi.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - D:\WINXP\System32\mgabg.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - D:\WINXP\System32\mnmsrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Служба сетевого DDE (NetDDE) - Корпорация Майкрософт - D:\WINXP\system32\netdde.exe
O23 - Service: Диспетчер сетевого DDE (NetDDEdsdm) - Корпорация Майкрософт - D:\WINXP\system32\netdde.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINXP\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINXP\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown owner - D:\WINXP\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Модуль поддержки смарт-карт (SCardDrv) - Корпорация Майкрософт - D:\WINXP\System32\SCardSvr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINXP\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINXP\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - D:\WINXP\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINXP\System32\wbem\wmiapsrv.exe


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         2:16:53, 15.11.2005
 + Report-Checksum:      1DD7DD46

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1\CLSID\\ -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINXP/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-1060284298-1606980848-1343024091-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
   [836] D:\WINXP\System32\kernels32.exe -> TrojanDownloader.Small.bpm : Cleaned with backup
   C:\WINDOWS\Temporary Internet Files\Content.IE5\KLUBKPUJ\empty[1].html -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@hotlog[3].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@oxcash[3].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
   C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Counted : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\WINDOWS\Cookies\coffin@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
   C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
   C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\C5INKH6V\mm[2].js -> Spyware.Chitika : Cleaned with backup
   C:\Program Files\GlobalSCAPE\CuteFTP\CTInstall.exe -> Spyware.TimeSink : Cleaned with backup
   C:\lo-458426835.exe -> TrojanDownloader.Small.bpm : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@adviva[1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@excite[1].txt -> Spyware.Cookie.Excite : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@hotlog[2].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\coffin@xxxtoolbar[2].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
   D:\Documents and Settings\Coffin\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
   D:\Documents and Settings\Coffin\Local Settings\Temporary Internet Files\Content.IE5\STY3852N\mm[1].js -> Spyware.Chitika : Cleaned with backup
   D:\Program Files\GlobalSCAPE\CuteFTP\CTInstall.exe -> Spyware.TimeSink : Cleaned with backup
   D:\Program Files\oeaa\mcal.exe -> TrojanDownloader.PurityScan.au : Cleaned with backup
   D:\RECYCLER\S-1-5-21-606747145-1677128483-854245398-500\Dd73\SAHPackage.exe -> Adware.SAHA : Cleaned with backup
   D:\WINXP\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
   D:\WINXP\Downloaded Program Files\win32.exe -> TrojanDownloader.Small.bpm : Cleaned with backup
   D:\WINXP\mtuninst.exe -> Spyware.MediaTickets : Cleaned with backup
   D:\WINXP\system32\kernels32.exe -> TrojanDownloader.Small.bpm : Cleaned with backup
   D:\WINXP\system32\oins.exe -> Spyware.MediaTickets : Cleaned with backup
   D:\WINXP\system32\vx.tll -> Adware.SpySheriff : Cleaned with backup
   D:\WINXP\system32\vxgamet3.exe -> TrojanDownloader.Small.bpz : Cleaned with backup
   D:\WINXP\system32\wіnspool.exe -> Spyware.PurityScan : Cleaned with backup


::Report End

Offline guestolo

Outgoing e-mail Spam!
« Reply #3 on: November 14, 2005, 11:44:12 PM »
Hmm, some of your entries are in Russian and I'm not sure if they're all needed services you need on startup
We'll leave them for now

From my signature below, try and run an online virus scan at Kaspersky's
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
          o Scan using the following Anti-Virus database:
            Extended (if available otherwise Standard)
          o Scan Options:
            Scan Archives
            Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
            Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
          o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline AntonioGG

Outgoing e-mail Spam!
« Reply #4 on: November 15, 2005, 11:35:51 AM »
Hi
I finished scanning with Kaspersky on-line scanner. Here's the result.


-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Tuesday, November 15, 2005 19:31:32
 Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
 Kaspersky On-line Scanner version: 5.0.67.0
 Kaspersky Anti-Virus database last update: 15/11/2005
 Kaspersky Anti-Virus database records: 159914
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\

Scan Statistics:
   Total number of scanned objects: 391477
   Number of viruses found: 32
   Number of infected objects: 406
   Number of suspicious objects: 0
   Duration of the scan process: 16106 sec

Infected Object Name - Virus Name
C:\Program Files\mirc\mirc32.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.591
C:\ht.hta   Infected: Trojan-Clicker.JS.gen
C:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP39\A0011410.exe   Infected: not-a-virus:AdWare.Win32.TimeSink
C:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP39\A0011411.exe   Infected: Trojan-Downloader.Win32.Small.bpm
D:\Program Files\mIRC\backup\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.614
D:\Program Files\mIRC\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.614
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\2FC50A29.exe   Infected: Trojan-Downloader.Win32.Small.atl
D:\RECYCLER\S-1-5-21-606747145-1677128483-854245398-500\Dd93\Invision.i2b3515+update+key\mirc612.exe/data0001.bin   Infected: not-a-virus:Client-IRC.Win32.mIRC.612
D:\RECYCLER\S-1-5-21-606747145-1677128483-854245398-500\Dd93\Invision.i2b3515+update+key\mirc612.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.612
D:\RECYCLER\S-1-5-21-606747145-1677128483-854245398-500\Dd93\Invision.i2b3515+update+key.rar/Invision.i2b3515+update+key/mirc612.exe/data0001.bin   Infected: not-a-virus:Client-IRC.Win32.mIRC.612
D:\RECYCLER\S-1-5-21-606747145-1677128483-854245398-500\Dd93\Invision.i2b3515+update+key.rar/Invision.i2b3515+update+key/mirc612.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.612
D:\RECYCLER\S-1-5-21-606747145-1677128483-854245398-500\Dd93\Invision.i2b3515+update+key.rar   Infected: not-a-virus:Client-IRC.Win32.mIRC.612
D:\SOFTINA\Mirc 6.14\mirc stuff\polaris(v2.05c).zip/mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.602
D:\SOFTINA\Mirc 6.14\mirc stuff\polaris(v2.05c).zip   Infected: not-a-virus:Client-IRC.Win32.mIRC.602
D:\SOFTINA\Mirc 6.14\mirc614.exe/data0001.bin   Infected: not-a-virus:Client-IRC.Win32.mIRC.614
D:\SOFTINA\Mirc 6.14\mirc614.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.614
D:\SOFTINA\Radmin\RADMIN21.EXE/AdmDll.dll   Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
D:\SOFTINA\Radmin\RADMIN21.EXE/raddrv.dll   Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
D:\SOFTINA\Radmin\RADMIN21.EXE/radmin.exe   Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
D:\SOFTINA\Radmin\RADMIN21.EXE/r_server.exe   Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
D:\SOFTINA\Radmin\RADMIN21.EXE   Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
D:\SOFTINA\Serv-U\ServUSetup.exe/SERVUDAEMON.EXE   Infected: not-a-virus:Server-FTP.Win32.Serv-U.5000
D:\SOFTINA\Serv-U\ServUSetup.exe/SERVUTRAY.EXE   Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\SOFTINA\Serv-U\ServUSetup.exe   Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\System Volume Information\_restore{0527E046-4483-4FD5-B885-E98C1CE226FE}\RP502\A0117934.dll   Infected: Trojan-Downloader.Win32.Domcom.a
D:\System Volume Information\_restore{0527E046-4483-4FD5-B885-E98C1CE226FE}\RP504\A0118094.exe   Infected: not-a-virus:AdWare.Win32.BlazeFind.b
D:\System Volume Information\_restore{0527E046-4483-4FD5-B885-E98C1CE226FE}\RP504\A0118096.exe   Infected: not-a-virus:AdWare.Win32.TimeSink
D:\System Volume Information\_restore{0527E046-4483-4FD5-B885-E98C1CE226FE}\RP504\A0118160.dll   Infected: not-a-virus:AdWare.Win32.BiSpy.o
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP14\A0001982.exe   Infected: Trojan-Downloader.Win32.Small.bon
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP14\A0002014.exe   Infected: Trojan-Downloader.Win32.Agent.tx
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP15\A0002040.exe   Infected: not-a-virus:AdWare.Win32.MediaTickets.s
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP15\A0002057.dll   Infected: not-a-virus:AdWare.Win32.PurityScan.ak
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP20\A0002257.exe   Infected: Trojan-Downloader.Win32.Agent.xh
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003444.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003445.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003446.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003447.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003448.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003449.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003450.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003451.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003452.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003453.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003454.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003455.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003456.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003457.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003458.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003459.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003460.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003461.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003462.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003463.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003464.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003465.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003466.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003467.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003468.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003469.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003470.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003471.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003472.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003473.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003474.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003475.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003476.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003477.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003478.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003479.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003480.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003481.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003482.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003483.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003484.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003485.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003486.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003487.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003488.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003489.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003490.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003491.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003492.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003493.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003494.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003495.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003496.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003497.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003498.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003499.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003500.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003501.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003502.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003503.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003504.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003505.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003506.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003507.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003508.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003509.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003510.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003511.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003512.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003513.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003514.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003515.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003516.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003517.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003518.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003519.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003520.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003521.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003522.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003523.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003524.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003525.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003526.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003527.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003528.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003529.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003530.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003531.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003532.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003533.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003534.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003535.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003536.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003537.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003538.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003539.exe   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003540.qtd   Infected: Trojan-Downloader.Win32.Small.bho
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003541.exe   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003542.qtd   Infected: Trojan-Clicker.Win32.Spywad.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003543.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003544.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003545.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003546.exe   Infected: Backdoor.Win32.Agent.iw
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003547.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP23\A0003548.exe   Infected: Trojan-Dropper.Win32.Agent.ta
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP39\A0011418.exe   Infected: not-a-virus:AdWare.Win32.PurityScan.dl
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP39\A0011931.exe/data0002   Infected: not-a-virus:AdWare.Win32.Sahat.h
D:\System Volume Information\_restore{76BC4B05-5F98-4599-9C19-B70D524DF184}\RP39\A0011931.exe   Infected: not-a-virus:AdWare.Win32.Sahat.h

Scan process completed.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Outgoing e-mail Spam!
« Reply #5 on: November 16, 2005, 11:47:13 PM »
This is a tough one as some of the files found by Kaspersky's can be used legitimately or maliciously
In your case I would think you were hacked

Do you intentionally have this program installed?
SOFTINA\Radmin

Can you look at the following link please
http://securityresponse.symantec.com/avcen...acc.radmin.html

Additional to Symantec's instructions, they mention cleaning the Hosts files
I suggest instead
Download Hoster.zip and save it to your Desktop.
UNZIP the contents to your Desktop

Locate the Hoster folder on your Desktop, open it and double click on Hoster.exe
Click on Restore Original Hosts
In the confirmation window, click on OK.

If you didn't intentionally install the above program we have to rid you of it
Change all passwords to email and online banking

I would also opt to run the following
Download the Trial version of TrojanHunter from this link
http://www.trojanhunter.com/trojanhunter/
This is good for 30 days

After installation you will have to manually update the Latest Ruleset
Go to this link
http://www.trojanhunter.com/trojanhunter/updating/
Download the Latest Ruleset to desktop

Unzip it to your Trojan Hunter folder
Allow to overwrite if prompted
The default location should be C:\Program Files\TrojanHunter

Restart into safe mode and
Run a full system scan
Let it clean what it finds and then restart your computer back into Normal mode

It's been a while since I have run TrojanHunter, but it should give you the option to save a log
Can you post that log back here please?
« Last Edit: November 17, 2005, 12:00:34 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
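
The reply above recommends resetting the Hosts file. The following Python script is an added example, not part of the original posts or of any tool named in the thread: it lists every Hosts mapping that differs from the stock localhost entry, so the entries can be recorded before the file is reset. The sample file content, host names and function names are constructed for illustration.

```python
import ipaddress

# A stock Windows hosts file maps only localhost (everything else is comments).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]        # one address, one or more names
        for name in names:
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "malformed address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            # Typical of entries that stop a security product reaching its update site
            reason = "name blackholed to local machine"
        else:
            reason = "name redirected to another address"
        findings.append((line_no, name, ip, reason))
    return findings

# Constructed sample, using reserved example domains and a documentation IP range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       av-updates.example.com
203.0.113.7     www.bank.example  login.bank.example
0.0.0.0  scanner.example.net
"""

if __name__ == "__main__":
    for line_no, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

A Hosts file that was deliberately filled with ad-blocking entries will also produce findings, so the output is a review list rather than a verdict.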