01-09-2008, 02:30 AM   #21 (permalink)
Angelfire777
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 3,045
OS: XP


Re: Need help - Followed all directions - Please see thread

Hi,

You got reinfected. You should know that a lot of your programs would not work anymore because of the infection you had. In case you encounter something that won't work, you will need to reinstall that program.

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
______

Combofix Deletions
  • Open notepad.
  • Copy and paste the text inside the code box below to notepad
Code:
Killall::

File::
C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfaxx.sys
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk

Folder::
C:\Temp\tn3
C:\Program Files\kernel
C:\WINDOWS\SYSTEM32\usmvt3
C:\WINDOWS\SYSTEM32\drivez4
C:\WINDOWS\SYSTEM32\comp2
C:\WINDOWS\SYSTEM32\cache3
C:\WINDOWS\SYSTEM32\ardCo01
C:\Temp\cEeer12
C:\Temp

Driver::
ntmtlfaxx

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncao"=-
"Fjodky"=-
"kernel"=-
"Router"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"=-
  • Save and name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix will restart your machine then it will produce a log afterwards.
  • Please post the contents of that log along with a fresh HijackThis log.
_______

I noticed that you are not running any AntiVirus application. You could get infected immediately after we clean you up. Please download and install ONE of these:

» Avast!
» AVG AntiVirus
» AntiVir
______

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
_______

On your next reply, please include:
  • Fresh HijackThis log.
  • Eset scan log
  • combofix log
__________________
Proud member of UNITE and ASAP since 2006


01-10-2008, 08:06 AM   #22 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: win xp


Re: Need help - Followed all directions - Please see thread

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10, on 2008-01-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kzjz] "C:\Program Files\Common Files\?ymantec\w?aclt.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - http://walbridgehome.biz/pw/mpsPwLc7.CAB
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\Software\..\Telephony: DomainName = weyoderinc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = weyoderinc.com
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 6440 bytes






# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2780 (20080110)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=00024d60e07bbe4aab0d5c83d27e2229
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-10 03:08:05
# local_time=2008-01-10 10:08:05 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=229988
# found=466
# scan_time=1893
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102191.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102192.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102194.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102195.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102196.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102197.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102198.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102199.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102200.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102201.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102202.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102203.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102204.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102328.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102331.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102332.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102333.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102335.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102336.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102337.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102339.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102340.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102341.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102342.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102343.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102344.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102348.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102349.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102363.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102364.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102365.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102370.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102399.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102401.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102403.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102404.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102405.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102406.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102407.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102408.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102409.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102410.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102411.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102412.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102413.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102414.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102431.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102440.exe a variant of Win32/TrojanDownloader.PurityScan trojan 23477706E5941EDB998C3036F6A7EB51
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102442.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102459.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102462.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102463.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102464.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102465.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102466.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102467.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102468.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102469.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102470.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102471.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102472.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102473.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102491.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102515.exe Win32/TrojanProxy.Small.NAH trojan CA73C4D65EB0BCF8F9AE37F517EF8D59
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102521.exe a variant of Win32/PSW.Sinowal trojan 14C8607180711D8902D7EF38266C7A34
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102528.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102532.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102533.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102534.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102535.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102536.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102537.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102538.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102539.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102541.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102542.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102543.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102544.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102548.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102550.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102586.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102596.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102598.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102600.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102601.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102602.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102603.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102604.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102605.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102606.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102607.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102608.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102610.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102611.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102612.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102614.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102640.rbf Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102663.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102667.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102669.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102671.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102672.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102673.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102674.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102675.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102676.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102677.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102678.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102679.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102680.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102681.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102682.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102692.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102695.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102696.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102697.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102698.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102699.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102700.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102701.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102702.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102703.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102704.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102706.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102707.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102723.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102755.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102758.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102759.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102761.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102762.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102763.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102765.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102767.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102768.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102769.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102770.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102771.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102772.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102775.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102778.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102798.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102836.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102841.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102844.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102845.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102846.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102847.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102848.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102849.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102850.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102851.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102852.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102853.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102854.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102856.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102876.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102879.exe a variant of Win32/TrojanDownloader.VB.AW trojan 4597AD47A6CA994C2BCCC00AEC9F712C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102900.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102909.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102912.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102913.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102914.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102915.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102916.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102917.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102918.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102919.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102921.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102923.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102925.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102942.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102944.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102945.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102946.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102947.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102948.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102949.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102950.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102951.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102952.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102954.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102955.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102958.exe a variant of Win32/Adware.SpySheriff application 12135978AA747B4523068006F17B47E9
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102959.exe Win32/TrojanDownloader.Agent.BLS trojan 19A7FE4DD69B783B2A191B206783D330
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102960.exe Win32/TrojanDownloader.Agent.BLS trojan 19A7FE4DD69B783B2A191B206783D330
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102964.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102965.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102966.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102967.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102968.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102969.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102970.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102971.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102972.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102973.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102974.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102975.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102976.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102977.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102978.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102979.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102980.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102981.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102982.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102983.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102984.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102985.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102986.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102987.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102988.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102989.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102990.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102991.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102992.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102993.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102994.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102995.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102996.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102997.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102998.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102999.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0103077.dll Win32/Adware.Virtumonde.FP application 1D435C193A94E23A810FEFCCE88D7EB0
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP923\A0103186.exe Win32/VB.AZO trojan 0CF3EB2CB9A645EA01C31B505C8689DF
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP925\A0103249.exe a variant of Win32/TrojanDownloader.PurityScan trojan 1290ACC55FC46B2359FEBB67C2253535
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP925\A0103251.exe Win32/TrojanDownloader.Agent.BLS trojan 7CBBF576F8F2B231ECDD958A73B70191
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103255.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103258.exe Win32/Adware.CommAd application 3E2C234DDE711C6754F2DF994FB3CC94
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103265.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103266.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103267.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103269.exe probably a variant of Win32/TrojanClicker.Agent.NBS trojan 8C32112ADCE311E1398BCB4D52D5A81E
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103270.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103275.exe probably a variant of Win32/TrojanClicker.Agent.NBS trojan 671544643A2636DEC766E5FF71E2F15A
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103277.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103282.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103283.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103284.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103286.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103287.exe probably a variant of Win32/TrojanClicker.Agent.NBS trojan 8C32112ADCE311E1398BCB4D52D5A81E
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103288.exe a variant of Win32/TrojanDownloader.Alphabet.P trojan 77163A382443A7FCD684131AB7992183
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103291.exe a variant of Win32/TrojanDownloader.PurityScan trojan 1290ACC55FC46B2359FEBB67C2253535
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103298.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103303.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103304.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103305.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103307.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103308.exe probably a variant of Win32/TrojanClicker.Agent.NBS trojan 8C32112ADCE311E1398BCB4D52D5A81E
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103309.exe a variant of Win32/TrojanDownloader.Alphabet.P trojan 77163A382443A7FCD684131AB7992183
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP926\A0103314.exe a variant of Win32/TrojanDownloader.PurityScan trojan 1290ACC55FC46B2359FEBB67C2253535
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103327.exe a variant of Win32/TrojanDownloader.PurityScan trojan FF8FB4B45F333F2C982CF0704904857D
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103331.exe Win32/TrojanDownloader.Agent.BLS trojan 7CBBF576F8F2B231ECDD958A73B70191
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103334.dll probably a variant of Win32/Adware.PurityScan application 396955766B2E512BC3545A24BC485DBE
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103335.dll Win32/Adware.ZQuest application 39D8FEB675241490403CBD33A7C14159
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103339.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103340.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103341.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103342.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103343.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103344.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103345.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103346.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103350.exe probably a variant of Win32/Adware.PurityScan application 1A351793FCDC288B0A144590D32EA3E0
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103357.exe a variant of Win32/TrojanDownloader.PurityScan trojan 1290ACC55FC46B2359FEBB67C2253535
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103360.dll Win32/Adware.CommAd application 0F8DEB5A57D8310B2D7EF90B84480F13
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103362.exe Win32/TrojanDownloader.FakeAlert.G trojan 25CB6B9AF7EC07A112A4968E062266CE
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103363.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103366.exe probably a variant of Win32/TrojanClicker.Agent.NBS trojan 671544643A2636DEC766E5FF71E2F15A
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103368.exe Win32/Adware.ZQuest application 233D7CF279872D8BBAEB1D31C3D365B4
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103370.exe Win32/TrojanDownloader.Alphabet.NAF trojan C1EF7043F5C4BF1C2B13E056D7B2360F
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP927\A0103371.exe a variant of Win32/TrojanDownloader.Alphabet.P trojan 77163A382443A7FCD684131AB7992183
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP928\A0103475.exe a variant of Win32/TrojanDownloader.VB.AW trojan FC039BBA134C9362CFC0E8F45D623F51
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP928\A0103476.exe Win32/TrojanDownloader.Agent.BLS trojan 7CBBF576F8F2B231ECDD958A73B70191
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP928\A0103479.exe Win32/TrojanDownloader.Agent.BLS trojan 7CBBF576F8F2B231ECDD958A73B70191
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP929\A0103483.exe probably a variant of Win32/TrojanDownloader.Agent trojan A2D0C49BDEC689D6C7323C4BE177EFD6
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103502.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103503.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103504.exe Win32/TrojanDownloader.TSUpdate.N trojan 17BC9AA337C706EBE515DF7ECFCAE6E2
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103506.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103507.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103508.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103515.exe Win32/TrojanDownloader.Agent.BLS trojan 7CBBF576F8F2B231ECDD958A73B70191
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0103517.exe a variant of Win32/TrojanDownloader.Agent.BLS trojan E89DAF49830E854F412AC2EE652E4782
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103526.exe a variant of Win32/TrojanDownloader.PurityScan trojan 1290ACC55FC46B2359FEBB67C2253535
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103528.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103529.exe a variant of Win32/TrojanDownloader.PurityScan trojan FF8FB4B45F333F2C982CF0704904857D
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103533.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103536.exe Win32/TrojanDownloader.Small.BUY trojan 803A24C624D1E905BE656E23215C7111
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103536.exe »NSIS »MTE3MTk6ODoxNg.exe Win32/TrojanDownloader.Small.BUY trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103537.exe probably a variant of Win32/TrojanDownloader.Agent trojan 6DC2EAC978EF756690822FB1D2F86E9C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103538.exe probably a variant of Win32/TrojanDownloader.Agent trojan 31F339BA0EFC42C31C6F297682295A43
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103539.exe Win32/Adware.Ezula application 82163A9C30EBC56D8DD2B7DE9DCA959E
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103540.dll probably a variant of Win32/Adware.PurityScan application 396955766B2E512BC3545A24BC485DBE
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103541.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103543.dll Win32/Adware.Virtumonde application A3E6BC2D879B183B7892E02D1526932F
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103546.exe Win32/Adware.CommAd application 3E2C234DDE711C6754F2DF994FB3CC94
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103548.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103549.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103550.exe probably a variant of Win32/Adware.PurityScan application 1A351793FCDC288B0A144590D32EA3E0
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103558.exe a variant of Win32/TrojanDownloader.TSUpdate.L trojan 4EE62A126582A183BE42269722920C81
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103559.exe a variant of Win32/TrojanDownloader.TSUpdate.L trojan 9B6AF14D4773A8526228980F838B4193
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103561.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103563.exe probably a variant of Win32/TrojanDownloader.Agent trojan 12401C4989663BBA0FD9FE463A21793E
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP931\A0103565.dll Win32/Adware.CommAd application 0F8DEB5A57D8310B2D7EF90B84480F13
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP932\A0103632.exe a variant of Win32/TrojanDownloader.VB.AW trojan FC039BBA134C9362CFC0E8F45D623F51
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP932\A0103634.exe Win32/TrojanDownloader.Small.BUY trojan E391EC0DFDD558A2E85F7141B41E5176
C:\WINDOWS\mrofinu572.exe.tmp Win32/TrojanDownloader.Agent.BLS trojan 7CBBF576F8F2B231ECDD958A73B70191







ComboFix 08-01-08.4 - jamie 2008-01-10 9:19:23.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.301 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jamie\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfaxx.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\kernel
C:\Program Files\kernel\kernel.exe
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\temp\tn3
C:\WINDOWS\SYSTEM32\ardCo01
C:\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe
C:\WINDOWS\SYSTEM32\cache3
C:\WINDOWS\SYSTEM32\cache3\vumpedll23.exe
C:\WINDOWS\SYSTEM32\comp2
C:\WINDOWS\SYSTEM32\comp2\aroblcidr31z.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfaxx.sys
C:\WINDOWS\SYSTEM32\drivez4
C:\WINDOWS\SYSTEM32\usmvt3
C:\WINDOWS\SYSTEM32\usmvt3\gyreo83122.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTMTLFAXX
-------\ntmtlfaxx


((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-08 13:59 . 2008-01-09 16:14 39,936 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-08 10:02 . 2008-01-08 10:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 11:41 . 2008-01-04 11:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-04 11:41 . 2008-01-04 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-31 08:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 11:45 . 2007-12-28 11:45 <DIR> d-------- C:\Deckard
2007-12-28 10:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-28 10:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bwivqljpuvbd.sys
2007-12-28 10:06 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-27 16:35 . 2007-12-27 16:50 3,280 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-27 16:27 . 2007-12-27 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01 . 2007-12-28 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 11:26 . 2007-12-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-10 12:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 18:04 --------- d-----w C:\Program Files\Google
2008-01-04 16:30 --------- d-----w C:\Program Files\Windows Defender
2008-01-04 16:30 --------- d-----w C:\Program Files\iTunes
2008-01-04 16:30 --------- d-----w C:\Program Files\hp LaserJet 1000
2007-12-31 13:59 --------- d-----w C:\Program Files\QuickTime
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 20:32 --------- d-----w C:\Program Files\RegistryFix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-03-25 00:38 147,456 ----a-w C:\Documents and Settings\jamie\mbpopup.dll
2006-03-24 21:12 49 ----a-w C:\Documents and Settings\jamie\MktPatchT.bat
2006-03-24 21:12 36,864 ----a-w C:\Documents and Settings\jamie\VersAct.dll
2006-03-24 20:30 2,391 ----a-w C:\Documents and Settings\jamie\qbbackup.sys
2006-03-24 20:25 823,296 ----a-w C:\Documents and Settings\jamie\EfpOfxGen.DLL
2006-03-24 20:25 299,008 ----a-w C:\Documents and Settings\jamie\EfpOfxDao.DLL
2006-03-24 19:59 10,108 ----a-w C:\Documents and Settings\jamie\reboot.bat
2003-10-25 21:20 795,568 ----a-w C:\Documents and Settings\jamie\ecredit.dll
2003-10-25 21:20 316,336 ----a-w C:\Documents and Settings\jamie\qbprefs.dll
2003-10-25 21:20 2,700,208 ----a-w C:\Documents and Settings\jamie\qbw32.exe
2003-10-25 21:20 160,696 ----a-w C:\Documents and Settings\jamie\NAAuthTool.dll
2003-10-25 09:04 974,848 ----a-w C:\Documents and Settings\jamie\QBSetupUtil.dll
2003-10-25 09:04 917,504 ----a-w C:\Documents and Settings\jamie\Prefs.dll
2003-10-25 09:04 905,216 ----a-w C:\Documents and Settings\jamie\qbform32.DLL
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\StatusRequestHandler.dll
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\ShoeBox.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxmlrp.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxladin.dll
2003-10-25 09:04 774,144 ----a-w C:\Documents and Settings\jamie\Qbconv32.dll
2003-10-25 09:04 729,088 ----a-w C:\Documents and Settings\jamie\AppCore.dll
2003-10-25 09:04 720,896 ----a-w C:\Documents and Settings\jamie\txncore.dll
2003-10-25 09:04 7,680 ----a-w C:\Documents and Settings\jamie\qbmfct32.dll
2003-10-25 09:04 69,685 ----a-w C:\Documents and Settings\jamie\QBConnectorBridge.dll
2003-10-25 09:04 684,032 ----a-w C:\Documents and Settings\jamie\Qbstyl32.dll
2003-10-25 09:04 581,632 ----a-w C:\Documents and Settings\jamie\skucore.dll
2003-10-25 09:04 540,672 ----a-w C:\Documents and Settings\jamie\qbbrow32.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\TaxAlertsECL.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\featuremgr.dll
2003-10-25 09:04 520,192 ----a-w C:\Documents and Settings\jamie\QBSDKNotify.dll
2003-10-25 09:04 495,616 ----a-w C:\Documents and Settings\jamie\tracking.dll
2003-10-25 09:04 49,152 ----a-w C:\Documents and Settings\jamie\PM.DLL
2003-10-25 09:04 413,696 ----a-w C:\Documents and Settings\jamie\qbmsintg.dll
2003-10-25 09:04 4,886,528 ----a-w C:\Documents and Settings\jamie\payres.dll
2003-10-25 09:04 4,386,816 ----a-w C:\Documents and Settings\jamie\qbwfls32.dll
2003-10-25 09:04 385,024 ----a-w C:\Documents and Settings\jamie\Qbwpr32.dll
2003-10-25 09:04 36,864 ----a-w C:\Documents and Settings\jamie\excelpayrolldatasource.dll
2003-10-25 09:04 356,352 ----a-w C:\Documents and Settings\jamie\payutil.dll
2003-10-25 09:04 352,256 ----a-w C:\Documents and Settings\jamie\sdkutil.dll
2003-10-25 09:04 331,776 ----a-w C:\Documents and Settings\jamie\ADR.DLL
2003-10-25 09:04 327,680 ----a-w C:\Documents and Settings\jamie\qbinstal.dll
2003-10-25 09:04 323,584 ----a-w C:\Documents and Settings\jamie\Qbqwut32.dll
2003-10-25 09:04 315,392 ----a-w C:\Documents and Settings\jamie\SendError.dll
2003-10-25 09:04 307,200 ----a-w C:\Documents and Settings\jamie\tiupload.dll
2003-10-25 09:04 3,584,000 ----a-w C:\Documents and Settings\jamie\Qbwin32.dll
2003-10-25 09:04 3,473,408 ----a-w C:\Documents and Settings\jamie\sdkdatabind.dll
2003-10-25 09:04 3,420,160 ----a-w C:\Documents and Settings\jamie\Qbwrpt32.dll
2003-10-25 09:04 3,211,264 ----a-w C:\Documents and Settings\jamie\sdkqbimpl.dll
2003-10-25 09:04 294,912 ----a-w C:\Documents and Settings\jamie\qbot.dll
2003-10-25 09:04 28,718 ----a-w C:\Documents and Settings\jamie\QBCMIAddin.dll
2003-10-25 09:04 278,528 ----a-w C:\Documents and Settings\jamie\ElCore.dll
2003-10-25 09:04 270,336 ----a-w C:\Documents and Settings\jamie\SendForms.dll
2003-10-25 09:04 25,088 ----a-w C:\Documents and Settings\jamie\sdkevent.dll
2003-10-25 09:04 225,280 ----a-w C:\Documents and Settings\jamie\payxsgen.dll
2003-10-25 09:04 204,849 ----a-w C:\Documents and Settings\jamie\QBSetupWizard.dll
2003-10-25 09:04 204,800 ----a-w C:\Documents and Settings\jamie\MsgDBAddin.dll
2003-10-25 09:04 2,306,048 ----a-w C:\Documents and Settings\jamie\Features.dll
2003-10-25 09:04 2,215,936 ----a-w C:\Documents and Settings\jamie\Qbonli32.dll
2003-10-25 09:04 2,031,616 ----a-w C:\Documents and Settings\jamie\qboesd32.dll
2003-10-25 09:04 172,032 ----a-w C:\Documents and Settings\jamie\Utilities.dll
2003-10-25 09:04 172,032 ----a-w C:\Documents and Settings\jamie\Qba32.dll
2003-10-25 09:04 155,648 ----a-w C:\Documents and Settings\jamie\NetworkAdapterManager.dll
2003-10-25 09:04 143,360 ----a-w C:\Documents and Settings\jamie\RcvPmtRequestHandler.dll
2003-10-25 09:04 14,848 ----a-w C:\Documents and Settings\jamie\ESHELL.DLL
2003-10-25 09:04 139,264 ----a-w C:\Documents and Settings\jamie\QBSyncUI.dll
2003-10-25 09:04 135,168 ----a-w C:\Documents and Settings\jamie\qbci32.dll
2003-10-25 09:04 135,168 ----a-w C:\Documents and Settings\jamie\QBAttr32.dll
2003-10-25 09:04 122,880 ----a-w C:\Documents and Settings\jamie\sdkcore.dll
2003-10-25 09:04 114,688 ----a-w C:\Documents and Settings\jamie\Qbinbox.dll
2003-10-25 09:04 11,776 ----a-w C:\Documents and Settings\jamie\UM.DLL
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\QBSyncBridge.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\qbitools.DLL
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\PRLoader.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\merchantcard.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\icwrapper.dll
2003-10-25 09:04 1,724,416 ----a-w C:\Documents and Settings\jamie\TxnForm.dll
2003-10-25 09:04 1,687,552 ----a-w C:\Documents and Settings\jamie\Qbintr32.dll
2003-10-25 09:04 1,605,632 ----a-w C:\Documents and Settings\jamie\payserv.dll
2003-10-25 09:04 1,445,888 ----a-w C:\Documents and Settings\jamie\tej32.dll
2003-10-25 09:04 1,417,216 ----a-w C:\Documents and Settings\jamie\qbchao32.dll
2003-10-25 09:04 1,335,296 ----a-w C:\Documents and Settings\jamie\qblist32.DLL
2003-10-25 09:04 1,277,952 ----a-w C:\Documents and Settings\jamie\paycore.dll
2003-10-25 09:04 1,273,856 ----a-w C:\Documents and Settings\jamie\qbtool32.DLL
2003-10-25 09:04 1,224,704 ----a-w C:\Documents and Settings\jamie\qbtxn32.dll
2003-10-25 09:04 1,093,632 ----a-w C:\Documents and Settings\jamie\ui.dll
2003-10-25 09:03 544,768 ----a-w C:\Documents and Settings\jamie\ACE.DLL
2003-10-25 09:03 27,136 ----a-w C:\Documents and Settings\jamie\ACM.DLL
2003-10-25 09:03 1,114,112 ----a-w C:\Documents and Settings\jamie\ABMAPI.DLL
2003-10-25 08:35 483,328 ----a-w C:\Documents and Settings\jamie\Techhelp.exe
2003-10-25 07:49 73,728 ----a-w C:\Documents and Settings\jamie\regqb.exe
2003-10-25 07:33 86,016 ----a-w C:\Documents and Settings\jamie\autobackupexe.exe
2003-10-09 17:38 12,221 ------w C:\Documents and Settings\jamie\regqb.dat
2003-08-06 17:04 139,264 ----a-w C:\Documents and Settings\jamie\qbwpsrun.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Kzjz"="C:\Program Files\Common Files\?ymantec\w?aclt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]


.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 11:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 09:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 9:30:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 14:30:04
ComboFix2.txt 2008-01-09 2237
ComboFix3.txt 2008-01-08 15:01:16
ComboFix4.txt 2008-01-04 16:34:29
ComboFix5.txt 2007-12-31 14:11:09
.
2008-01-09 08:03:38 --- E O F ---
weyoder is offline  