Aurora, Nail, CWS, and more!

Demented Mouse · 10-11-2005, 07:46 AM

Hello hello. My friend's computer is not doing so well, I've done what I could and I also posted this problem on a completely different forum but they're taking too long to get back to me and also a second opinion is good anyway. Here's my HijackThis log and also they told me to download a program called Ewido and post a log so that's included, skip over it if you don't care, you're the experts. A few trojans that I think I've taken care of but I was also a victim of Aurora and Nail.exe and also there's a lot of coolwebsearch. Also included at the end of this thread is the HijackThis Analyzer results. If this is too much I apologize.

Thank you very much for your help.

Here goes:

Quote:

Originally Posted by Demented Mouse

I followed all of the instructions in the "Victims of aurora and nail" thread and I'm here to make sure nothing else is terribly wrong with this computer. Here's my current HijackThis log and Ewido log, as instructed. There seems to be a problem with Ewido, however, when I try to get rid of the files after about 4 or 5 Ewido crashes. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 9:53:57 PM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:51:49 PM, 10/10/2005
+ Report-Checksum: 9F8AA3A9

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{12FA3D1E-6BB1-A968-D251-242CE33A798A} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\CLSID\{65D75D06-7395-6352-09CD-E13B9059EFE9} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FC5F30D8-4A16-B1C4-CFF8-EE955DFA16A2} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Ignored
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
C:\Program Files\Thief - Deadly Shadows\System\t3.exe -> TrojanSpy.Comcast.a : Ignored
C:\RECYCLER\NPROTECT\00102007.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00102008.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00102087.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00102089.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00102819.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00104072.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\desktop.ini:xwvpp -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Ignored
C:\WINDOWS\dvfxgy.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\Greenstone.bmp:cxzxmn -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\ODBC.INI:nrboxx -> Trojan.Agent.bi : Ignored
C:\WINDOWS\Rhododendron.bmp:cflzez -> Trojan.Agent.bi : Ignored
C:\WINDOWS\setupapi.old:yysyp -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\system32:gyaa.dll -> TrojanDownloader.Small.azk : Ignored
C:\WINDOWS\system32\ajzsiic.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\system32\bddyrm.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\system32\elfvkvb.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\system32\ezPopStub.exe -> Adware.EZula : Ignored
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Ignored
C:\WINDOWS\system32\in10tvmk37s.dll -> TrojanDropper.Small.abd : Ignored
C:\WINDOWS\system32\megaV2wbr.dll -> TrojanDropper.Small.xm : Ignored
C:\WINDOWS\system32\oleext.dll -> Trojan.Small.ev : Ignored
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Ignored
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Ignored
C:\WINDOWS\UPGRADE.TXT:apgco -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\vb.ini:cwehl -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\x74ca5e40.tmp:rcckgg -> Trojan.Agent.bi : Ignored
C:\WINDOWS\_default(2).pif:itkmn -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\_default(2).pif:jzelpl -> Spyware.SearchPage : Ignored
C:\WINDOWS\_default(2).pif:kcnpiq -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\_default(2).pif:oqchur -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\_default.pif:dwxyis -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\_default.pif:fqplk -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\_default.pif:gxhtni -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\_default.pif:ijdevu -> Trojan.Agent.bi : Ignored
C:\WINDOWS\_default.pif:itkmn -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\_default.pif:iwwdke -> Trojan.Agent.bi : Ignored
C:\WINDOWS\_default.pif:jzelpl -> Spyware.SearchPage : Ignored
C:\WINDOWS\_default.pif:kcnpiq -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\_default.pif:nxpntg -> Trojan.Agent.bi : Ignored
C:\WINDOWS\_default.pif:oqchur -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\_default.pif:qzudnx -> TrojanDownloader.Agent.bc : Ignored
C:\WINDOWS\_default.pif:uuhar -> TrojanDownloader.Agent.bq : Ignored
C:\WINDOWS\_default.pif:wagkt -> TrojanDownloader.Agent.bc : Ignored

::Report End

KRC HijackThis log Analyzer

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:53:57 PM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\HJT\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

End of KRC HijackThis Analyzer Log.
====================================================================

**POADB** · 10-11-2005, 12:08 PM

Hi and Welcome to TSF!

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

Before you begin, take a read through the instructions and download the programs that I've advised. Save the below instructions in notepad or wordpad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers on.

Please allow yourself a few spare hours. Below are instructions for a virus scan that can take longer then 2 hours. If you want, you may leave Ewido running while you go about your business. It's not essential that you sit and monitor it's progress.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

It is also important you don't miss a step and perform everything in the right order!!. .

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

Download Ewido Security Suite - Install & Update it's database but do not run it yet.

Please download CleanUp! (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it.
Next go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants.

Unplug your computer from the Internet when you have finished downloading

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Ad-Aware and update to the latest definitions.

Click on Add-ons in the lefthand column.
Select VX2 Cleaner V2.0 and click Run Tool.
Click "OK"
If something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time,

Click on the Start button in Ad-Aware
Select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again.
Select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK" . Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE

Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files

From Windows Explorer, go to Tools>Folder Options>View tab.
Enable the option for `Show hidden files and folder´
Disable the option for `Hide file extensions for known types´
Disable the option for `Hide protected operating system files´
Click Yes to confirm & then click OK

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

** Please disable all other antivirus programs before proceeding.**

Run Ewido:

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK
Once finished, click the Save report button
Save the report to your desktop

Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

In your next post, please include fresh logs from:

HiJackThis
Ewido Log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Demented Mouse · 10-11-2005, 06:32 PM

Alright, here goes:

Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:14:17 PM, 10/11/2005
+ Report-Checksum: 7B061DD1

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{12FA3D1E-6BB1-A968-D251-242CE33A798A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{65D75D06-7395-6352-09CD-E13B9059EFE9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC5F30D8-4A16-B1C4-CFF8-EE955DFA16A2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Thief - Deadly Shadows\System\t3.exe -> TrojanSpy.Comcast.a : Cleaned with backup
C:\RECYCLER\NPROTECT\00102007.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00102008.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00102087.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00102089.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00102819.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00104072.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\desktop.ini:xwvpp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\dvfxgy.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:cxzxmn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:nrboxx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:cflzez -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\setupapi.old:yysyp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32:gyaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\ajzsiic.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\bddyrm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\elfvkvb.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\ezPopStub.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\system32\in10tvmk37s.dll -> TrojanDropper.Small.abd : Cleaned with backup
C:\WINDOWS\system32\megaV2wbr.dll -> TrojanDropper.Small.xm : Cleaned with backup
C:\WINDOWS\system32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\WINDOWS\UPGRADE.TXT:apgco -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\vb.ini:cwehl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default(2).pif:itkmn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(2).pif:jzelpl -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2).pif:kcnpiq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default(2).pif:oqchur -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:dwxyis -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:fqplk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:gxhtni -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ijdevu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:itkmn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:iwwdke -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:jzelpl -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default.pif:kcnpiq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:nxpntg -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:oqchur -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:qzudnx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:uuhar -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:wagkt -> TrojanDownloader.Agent.bc : Cleaned with backup

::Report End

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:36 PM, on 10/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Common Files\AOL\1124310089\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124310089\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec

AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar

2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation -

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

KRC Hijackthis Analyzer:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:30:36 PM, on 10/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\AOL\1124310089\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124310089\ee\AOLServiceHost.exe
C:\HJT\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

End of KRC HijackThis Analyzer Log.
====================================================================

**POADB** · 10-12-2005, 01:08 AM

Welcome back - Can you confirm you downloaded, updated and ran Adaware SE with VX2 plugin.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

Download About Buster - Unzip to a new folder
Update About Buster & exit the program once that is completed.

Unplug your computer from the Internet when you have finished downloading

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE

Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files

From Windows Explorer, go to Tools>Folder Options>View tab.
Enable the option for `Show hidden files and folder´
Disable the option for `Hide file extensions for known types´
Disable the option for `Hide protected operating system files´
Click Yes to confirm & then click OK

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run About Buster and click - Begin Removal.
Locate 'Ab LogFile.txt' (... in the same folder as AboutBuster) and post it in your next reply.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Uninstall the following programs, if present, using Control Panel > Add/Remove Programs :

MyWebSearch

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZRxdm103YYUS

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Locate and delete the following file(s), if present:

C:\WINDOWS\zliia.dll

Search for & delete ... using Start> Search... the following file(s), if present:

spoolsub.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

Do an online scan at one of the following sites:

Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:

HiJackThis
Online scan
Ab LogFile.txt

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Demented Mouse · 10-12-2005, 05:12 PM

I did update and run AdAware and I used the VX2 plugin but when I did the smart scan it did not prompt me to run on startup. I dug through the configuration and could not find an option to run on startup either.

Another issue: I downloaded About Buster but when I tried to update it gave me this error message:

Run-time error '5':

Invalid procedure call or argument

and after I got this whenever I tried to start the program I received the same error. I ended up extracting the file again and running it without updating, those results are included. I think I used

Also, MyWebSearch did not exist nor did SpoolSub in case you needed to know.

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:54:51 PM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HJT\HijackThis1991.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

AB LogFile

AboutBuster 5.0 reference file 28
Scan started on [10/12/2005] at [4:00:44 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:01:14 PM

And here's a panda log:

Code:

Incident                      Status                        Location

Spyware:Spyware/BetterInet    No disinfected                C:\Program Files\Common Files\SearchUpgrader\client.cfg
Spyware:Spyware/BetterInet    No disinfected                C:\Program Files\Common Files\SearchUpgrader\system.cfg
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\atlly32.exe
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\ipun.exe
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\mfcnm32.exe
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\netop.exe
Adware:adware/navipromo       No disinfected                C:\WINDOWS\sdkuw32.exe
Virus:Trj/Zapchast.D          Disinfected                   C:\WINDOWS\system32\c.bat
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\system32\d3sf32.exe
Adware:Adware/InstaFinder     No disinfected                C:\WINDOWS\system32\InstaFinder_inst245.exe
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\system32\netlj32.exe
Adware:Adware/Weirdontheweb   No disinfected                C:\WINDOWS\weirdontheweb_topc.exe
Adware:adware/ezula           No disinfected                C:\WINDOWS\woinstall.exe

And here are some things I found in Symantec's quarantine and backup sections:

Bloodhound.Morphine
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017395.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018491.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023634.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018422.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008875.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006452.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018455.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012297.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025307.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018458.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012314.exe
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017427.exe
C:\gwskqfl.exe

Trojan.Desktophijack.B
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006097.EXE
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP11\A0003781.exe

Download.Fujif
C:\ms32.tmp

Thanks again for all your help

**POADB** · 10-13-2005, 02:00 AM

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no:

C:\ms32.tmp
C:\Program Files\Common Files\SearchUpgrader\client.cfg
C:\Program Files\Common Files\SearchUpgrader\system.cfg
C:\WINDOWS\atlly32.exe
C:\WINDOWS\ipun.exe
C:\WINDOWS\mfcnm32.exe
C:\WINDOWS\netop.exe
C:\WINDOWS\sdkuw32.exe
C:\WINDOWS\system32\d3sf32.exe
C:\WINDOWS\system32\InstaFinder_inst245.exe
C:\WINDOWS\system32\netlj32.exe
C:\WINDOWS\weirdontheweb_topc.exe
C:\WINDOWS\woinstall.exe

Reboot your computer - and then confirm the above files do not exist.

Report back with how things are in your next post with a new HJT log and a Panda log if you wish.

Demented Mouse · 10-13-2005, 01:48 PM

Everything from that list has been deleted, the computer seems to be running a lot faster now and it starts up a lot faster as well.

here's the new Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:44:25 PM, on 10/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1124310089\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124310089\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

res://C:\WINDOWS\zliia.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec

AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar

2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation -

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Demented Mouse · 10-13-2005, 02:25 PM

but wait! Upon running another virus scan, this time at Kaspersky, I've found 18 infected files so far. Results pending.

Demented Mouse · 10-13-2005, 03:58 PM

One step forward 1556 steps back it seems... This is what Kaspersky found. And there is no option to clean with Kaspersky.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, October 13, 2005 17:49:53
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/10/2005
Kaspersky Anti-Virus database records: 144578
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 123890
Number of viruses found: 29
Number of infected objects: 1556
Number of suspicious objects: 0
Duration of the scan process: 6606 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-5eb3f817-295d1ea1.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-5eb3f817-295d1ea1.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-76ce0264-28543d6d.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-76ce0264-28543d6d.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-77adf3ed-6741fd09.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-77adf3ed-6741fd09.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv540.jar-18b8bd35-340940d1.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv540.jar-18b8bd35-340940d1.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv730.jar-d05b18-7fbc860e.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv730.jar-d05b18-7fbc860e.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temp\D0.tmp\thnall1a.exe Infected: Trojan.Win32.Agent.hj
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temp\Del51.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temp\Incredifind.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.n
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temp\Incredifind.exe/data0005 Infected: Trojan.Win32.Keenval.a
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temp\Incredifind.exe Infected: Trojan.Win32.Keenval.a
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temp\temp.fr0FED Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\81YBW12V\eifr[1].php Infected: Trojan-Dwonloader.JS.Small.bp
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\CLKT63WH\init[1].js Infected: Trojan-Downloader.JS.IstBar.af
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\I5R4PSJY\wbk101.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\I5R4PSJY\wbk10D.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\I5R4PSJY\wbkFB.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\I5R4PSJY\wbkFD.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\KXGH6V8L\ibar[1].js Infected: Trojan-Downloader.JS.IstBar.ad
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\KXGH6V8L\ysb_prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\index[11].htm Infected: Trojan-Clicker.HTML.IFrame.a
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\toons-world[1] Infected: Trojan-Clicker.HTML.IFrame.a
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\wbk103.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\wbk107.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\wbk109.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\wbk10B.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\wbkF9.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\NZXNR1OW\wbkFF.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\SBFZIC9L\super-cartoon[1].htm Infected: Trojan-Clicker.HTML.IFrame.a
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\SBFZIC9L\toons-site[1].htm Infected: Trojan-Clicker.HTML.IFrame.a
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\SBFZIC9L\wbk105.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\SBFZIC9L\wbkF5.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Greg.HAILFIRE\Local Settings\Temporary Internet Files\Content.IE5\SBFZIC9L\wbkF7.tmp Infected: Exploit.VBS.Phel.i
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP1\A0000013.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP1\A0000034.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP1\A0000035.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP10\A0003765.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP11\A0003778.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP11\A0003780.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP12\A0003783.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP13\A0003789.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP13\A0003799.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP13\A0003800.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003804.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003804.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003804.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003808.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003812.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003820.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003820.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003820.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003822.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP14\A0003823.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP15\A0003825.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP15\A0003825.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP15\A0003825.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP15\A0003830.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003839.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003839.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003839.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003852.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003857.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003858.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003859.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003860.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003865.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003866.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003866.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003866.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003874.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003875.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP16\A0003876.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003889.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003889.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003889.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003890.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003912.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003913.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003913.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003913.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003914.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003924.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003924.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003924.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP17\A0003927.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP18\A0003936.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP18\A0003936.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP18\A0003936.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP18\A0003937.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP18\A0003943.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003977.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003977.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003977.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003978.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003986.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003991.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP19\A0003992.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0003998.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0003999.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004002.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004006.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004010.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004011.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004041.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004044.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP20\A0004045.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004083.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004086.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0004090.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP21\A0005043.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005053.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005057.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005074.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0005075.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006042.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP22\A0006045.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006134.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006136.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006137.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006138.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006255.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006309.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006314.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006349.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006350.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP24\A0006428.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006436.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006449.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006470.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006471.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006472.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006474.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0006477.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007468.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007474.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007475.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007481.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007482.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007483.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007487.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007503.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0007504.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008479.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008480.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008485.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008491.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008492.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008514.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008527.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008528.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008531.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008532.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008535.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008588.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008589.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008647.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008648.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008652.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008653.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008654.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008693.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008695.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008697.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008700.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP26\A0008705.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008713.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008714.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008715.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008735.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008736.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008737.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008739.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008879.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008880.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP28\A0008881.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP30\A0009908.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP31\A0010929.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP31\A0010930.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP31\A0011019.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP31\A0011022.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP31\A0011023.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP31\A0011030.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011047.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011048.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011057.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP32\A0011070.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011071.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011085.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP33\A0011102.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011118.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011176.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011177.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP34\A0011178.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011179.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011185.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP35\A0011186.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011209.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011216.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0011218.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012216.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012217.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012218.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012228.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012232.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012234.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012269.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012270.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP36\A0012273.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012277.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012285.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012287.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012288.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012289.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012306.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012310.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012311.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0013281.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0013282.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0014281.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015281.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015298.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0015299.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016298.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016299.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016303.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016310.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP39\A0016311.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP4\A0000247.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP4\A0000282.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP4\A0000296.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0016320.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017308.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017311.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017312.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017313.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017316.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017340.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP40\A0017364.prx:gkfkbz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017381.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP41\A0017385.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017394.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017411.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017419.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017420.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc

end of page 1...

Demented Mouse · 10-13-2005, 04:00 PM

C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018403.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018408.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018409.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0018410.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018415.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018447.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018450.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018456.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018466.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018467.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018478.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018480.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018490.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018498.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018499.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018506.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018511.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018588.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018589.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0018832.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0019511.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020513.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP47\A0020514.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020520.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020526.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020528.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020539.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020546.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020547.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP48\A0020548.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020552.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020553.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020554.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020564.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020580.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP49\A0020582.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0001296.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002296.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002460.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002461.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002462.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002463.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002464.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002470.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002471.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002477.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP5\A0002547.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0020590.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0021580.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022582.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP50\A0022583.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022589.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP51\A0022597.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0022598.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023599.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023600.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023601.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023612.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023613.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023626.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023937.exe Infected: Trojan-Dropper.Win32.Small.tc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023938.pif Infected: Trojan-Downloader.BAT.Ftp.z
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023939.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023940.dll Infected: Trojan.Win32.Delf.gh
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023941.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023942.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023943.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023944.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023956.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023964.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023967.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP53\A0023968.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024038.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024043.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP54\A0024046.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024054.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024060.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP55\A0024063.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024071.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024081.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0024087.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025088.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP56\A0025090.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP57\A0025098.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc

end of page 2

Demented Mouse · 10-13-2005, 04:00 PM

C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025100.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025106.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025113.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP58\A0025116.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025122.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025130.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025131.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP59\A0025132.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP6\A0002560.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP6\A0002561.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP60\A0025142.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025149.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025151.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025159.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025162.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP61\A0025174.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025175.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025178.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP62\A0025179.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025184.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025190.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025191.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025194.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025202.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025204.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025213.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025214.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025217.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025226.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025227.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025228.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025238.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025239.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025249.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025250.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025260.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025261.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025262.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025272.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:bkcpon:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025273.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025282.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP63\A0025283.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025287.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025296.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025297.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025299.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025303.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP64\A0025304.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:gxhtni:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:ijdevu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:nxpntg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025306.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025311.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025312.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025313.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025314.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025315.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025316.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025317.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025318.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025319.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025320.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025321.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025322.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025323.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025324.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025325.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025326.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025327.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025328.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025329.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025330.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025331.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025332.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025333.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025334.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025335.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025336.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025337.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025338.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025339.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025340.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025341.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025342.exe Infected: Trojan-Downloader.Win32.Small.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025343.exe Infected: Trojan-Downloader.Win32.Small.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025344.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025345.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025346.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025347.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025348.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025349.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025350.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025351.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025352.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025353.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025354.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025355.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025356.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025357.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025358.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025359.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025360.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025361.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025362.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025363.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025364.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025365.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025366.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025367.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025368.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025369.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:gxhtni:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:ijdevu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:nxpntg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP66\A0025370.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:gxhtni:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:ijdevu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:nxpntg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP67\A0025374.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025381.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025382.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025384.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025385.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025391.exe Infected: Trojan.Win32.Stervis.j
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025397.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025398.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025409.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025415.ini:elzvod:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025420.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025421.exe Infected: Trojan-Downloader.Win32.Intexp.d
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025422.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025428.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:gxhtni:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:ijdevu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:nxpntg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025432.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025435.ini:elzvod:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025441.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025449.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025450.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025455.ini:elzvod:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025462.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025463.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025465.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025478.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025599.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025617.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025618.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025619.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025629.exe Infected: Trojan.Win32.Stervis.j
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP68\A0025640.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025904.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025905.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025906.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025907.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025908.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025909.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025910.ini:xwvpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025913.INI:nrboxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025914.old:yysyp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025915.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025916.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025917.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025920.dll Infected: Trojan-Dropper.Win32.Small.abd
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025921.dll Infected: Trojan-Dropper.Win32.Small.xm
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025922.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025924.ini:cwehl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025925.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025925.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025925.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:dwxyis:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:fqplk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:gxhtni:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:ijdevu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:itkmn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:iwwdke:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:kcnpiq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:nxpntg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:ocpzcy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:oqchur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:qzudnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:uuhar:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP69\A0025926.pif:wagkt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP7\A0003580.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP7\A0003601.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP7\A0003613.exe Infected: Trojan.Win32.Stervis.e
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0025954.pif:ocpzcy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0025954.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0026012.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0026013.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0026014.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0026015.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0026017.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP70\A0026019.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP8\A0003664.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP8\A0003665.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP9\A0003756.exe Infected: Trojan.Win32.Agent.ay
C:\WINDOWS\explorer.scf:uelyds:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\mfcoh32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\winrm.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\vbaddin.ini:elzvod:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Zapotec.bmp:eamgfl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Zapotec.bmp:qikzbj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\_default.pif:ocpzcy:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:vapef:$DATA Infected: Trojan-Downloader.Win32.Agent.bc

Scan process completed.

Demented Mouse · 10-13-2005, 10:24 PM

Augh... I wish there was a way to delete or edit posts... Well terrible things started happening and I was forced to re-install (not reformat) Windows XP. My firewall's up and running and once I got everything settled I ran another Kaspersky scan. The results are pending. I'll reply tomorrow with another Kaspersky log (hopefully shorter and better organized...) and another Hijackthis log.

**POADB** · 10-14-2005, 01:09 AM

Download Ewido Security Suite - Install & Update it's database but do not run it yet.

Please download CleanUp! (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

========================================================================

Clear Java Cache

Click Start >Settings>Control Panel
Click the Java Plugin Icon
Click the Cache tab
Click the Clear button and click OK to confirm

Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

Follow the instructions outlined here to clear Sun Java's cache.

========================================================================

You re-installed XP?? What kinda things started happening?

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

This will flush out the viruses living in your System Restore Points.

========================================================================

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

========================================================================

REBOOT TO SAFE MODE

Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

========================================================================

** Please disable all other antivirus programs before proceeding.**

Run Ewido:

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK
Once finished, click the Save report button
Save the report to your desktop

Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

========================================================================

Reboot to Normal Mode and supply me with the results from Ewido.

Demented Mouse · 10-14-2005, 01:31 PM

I had to reinstall windows because I couldn't get on the internet no matter what I did. AIM wouldn't work, neither would IE. ZoneAlarm was still blinking though so I think I still had a connection but I couldn't get to it. ALso I had difficulty clearing the Java cache because the icon wasn't in Control Panel. I reinstalled Java and it was there, I cleared the cache then. I don't know if that would work. ANyway, here's the Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:16:25 PM, 10/14/2005
+ Report-Checksum: A1240CB5

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-789336058-602609370-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning

::Report End

and for good measure, here's Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 3:27:33 PM, on 10/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HJT\HijackThis1991.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I'm going to run Kaspersky again as well. Thanks again.

MicroBell · 10-15-2005, 07:57 PM

If you reinstalled windows...you should be free of any malware. Let us know if this issue is resolved. I would also like you to following the suggestions below to keep your PC free of this stuff.

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
Tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patch’s and security updates for your system.

Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.

Demented Mouse · 10-16-2005, 11:57 AM

yeah actually everything's going a lot better now. Windows starts up a lot faster now and I'm not seeing anything suspicious in the startup list or my running processes. If I see anything else pop up I'll be sure to come back. Thanks alot for all your help.

10-11-2005, 12:08 PM	#2 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	Hi and Welcome to TSF! Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread". Before you begin, take a read through the instructions and download the programs that I've advised. Save the below instructions in notepad or wordpad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers on. Please allow yourself a few spare hours. Below are instructions for a virus scan that can take longer then 2 hours. If you want, you may leave Ewido running while you go about your business. It's not essential that you sit and monitor it's progress. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below. It is also important you don't miss a step and perform everything in the right order!!. . = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Please download these additional files/programs. Do not run them unless instructed to do so. Unless otherwise stated, they should be stored in same directory as the HiJackThis program. Download Ewido Security Suite - Install & Update it's database but do not run it yet. Please download CleanUp! (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet! Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Next go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants. Unplug your computer from the Internet when you have finished downloading = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Run Ad-Aware and update to the latest definitions. Click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" If something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware. Reboot your PC and run Ad-Aware again. This time, Click on the Start button in Ad-Aware Select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal. You will be prompted to set Ad-Aware to run on reboot, click "OK" . Exit Ad-Aware and restart your PC once again. When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck* this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!! = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = REBOOT TO SAFE MODE Restart the computer. The computer begins processing a set of instructions known as BIOS. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the 'Windows Advanced Options' menu appears. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Enable the viewing of Hidden files From Windows Explorer, go to Tools>Folder Options>View tab. Enable the option for `Show hidden files and folder´ Disable the option for `Hide file extensions for known types´ Disable the option for `Hide protected operating system files´ Click Yes to confirm & then click OK = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Please disable all other antivirus programs before proceeding. Run Ewido: Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK Once finished, click the Save report button Save the report to your desktop Close Ewido * Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = REBOOT TO NORMAL MODE In your next post, please include fresh logs from: HiJackThis Ewido Log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________

10-12-2005, 01:08 AM	#4 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	Welcome back - Can you confirm you downloaded, updated and ran Adaware SE with VX2 plugin. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Please download these additional files/programs. Do not run them unless instructed to do so. Unless otherwise stated, they should be stored in same directory as the HiJackThis program. Download About Buster - Unzip to a new folder Update About Buster & exit the program once that is completed. Unplug your computer from the Internet when you have finished downloading = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = REBOOT TO SAFE MODE Restart the computer. The computer begins processing a set of instructions known as BIOS. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the 'Windows Advanced Options' menu appears. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Enable the viewing of Hidden files From Windows Explorer, go to Tools>Folder Options>View tab. Enable the option for `Show hidden files and folder´ Disable the option for `Hide file extensions for known types´ Disable the option for `Hide protected operating system files´ Click Yes to confirm & then click OK = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Run About Buster and click - Begin Removal. Locate 'Ab LogFile.txt' (... in the same folder as AboutBuster) and post it in your next reply. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Uninstall the following programs, if present, using Control Panel > Add/Remove Programs : MyWebSearch = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Run a scan with HiJackThis & select(tick) the following & click [Fix checked] : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R3 - Default URLSearchHook is missing O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZRxdm103YYUS = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Locate and delete the following file(s), if present: C:\WINDOWS\zliia.dll Search for & delete ... using Start> Search... the following file(s), if present: spoolsub.exe = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = REBOOT TO NORMAL MODE Do an online scan at one of the following sites: Panda ActiveScan Kaspersky Anti-Virus Web Scanner BitDefender Online Scanner Trend Micro™ HouseCall Take note the names and locations of any file it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = In your next post, please include fresh logs from: HiJackThis Online scan Ab LogFile.txt Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________

10-12-2005, 05:12 PM	#5 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	I did update and run AdAware and I used the VX2 plugin but when I did the smart scan it did not prompt me to run on startup. I dug through the configuration and could not find an option to run on startup either. Another issue: I downloaded About Buster but when I tried to update it gave me this error message: Run-time error '5': Invalid procedure call or argument and after I got this whenever I tried to start the program I received the same error. I ended up extracting the file again and running it without updating, those results are included. I think I used Also, MyWebSearch did not exist nor did SpoolSub in case you needed to know. Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 6:54:51 PM, on 10/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\HJT\HijackThis1991.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe AB LogFile AboutBuster 5.0 reference file 28 Scan started on [10/12/2005] at [4:00:44 PM] ------------------------------------------------ No Ads Found! ------------------------------------------------ No Files Found! ------------------------------------------------ Scan was COMPLETED SUCCESSFULLY at 4:01:14 PM And here's a panda log: Code: Incident Status Location Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\SearchUpgrader\client.cfg Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\SearchUpgrader\system.cfg Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlly32.exe Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipun.exe Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcnm32.exe Adware:Adware/SearchAid No disinfected C:\WINDOWS\netop.exe Adware:adware/navipromo No disinfected C:\WINDOWS\sdkuw32.exe Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3sf32.exe Adware:Adware/InstaFinder No disinfected C:\WINDOWS\system32\InstaFinder_inst245.exe Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netlj32.exe Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe Adware:adware/ezula No disinfected C:\WINDOWS\woinstall.exe And here are some things I found in Symantec's quarantine and backup sections: Bloodhound.Morphine C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP42\A0017395.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP46\A0018491.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP52\A0023634.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018422.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP27\A0008875.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP25\A0006452.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP44\A0018455.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP37\A0012297.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP65\A0025307.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP45\A0018458.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP38\A0012314.exe C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP43\A0017427.exe C:\gwskqfl.exe Trojan.Desktophijack.B C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP23\A0006097.EXE C:\System Volume Information\_restore{36768FE9-9F94-4508-83AA-0F2852FA52B0}\RP11\A0003781.exe Download.Fujif C:\ms32.tmp Thanks again for all your help

10-13-2005, 02:00 AM	#6 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no: C:\ms32.tmp C:\Program Files\Common Files\SearchUpgrader\client.cfg C:\Program Files\Common Files\SearchUpgrader\system.cfg C:\WINDOWS\atlly32.exe C:\WINDOWS\ipun.exe C:\WINDOWS\mfcnm32.exe C:\WINDOWS\netop.exe C:\WINDOWS\sdkuw32.exe C:\WINDOWS\system32\d3sf32.exe C:\WINDOWS\system32\InstaFinder_inst245.exe C:\WINDOWS\system32\netlj32.exe C:\WINDOWS\weirdontheweb_topc.exe C:\WINDOWS\woinstall.exe Reboot your computer - and then confirm the above files do not exist. Report back with how things are in your next post with a new HJT log and a Panda log if you wish. __________________

10-14-2005, 01:09 AM	#13 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	Download Ewido Security Suite - Install & Update it's database but do not run it yet. Please download CleanUp! (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet! ======================================================================== Clear Java Cache Click Start >Settings>Control Panel Click the Java Plugin Icon Click the Cache tab Click the Clear button and click OK to confirm Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel Follow the instructions outlined here to clear Sun Java's cache. ======================================================================== You re-installed XP?? What kinda things started happening? Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK This will flush out the viruses living in your System Restore Points. ======================================================================== Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck* this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!! ======================================================================== REBOOT TO SAFE MODE Restart the computer. The computer begins processing a set of instructions known as BIOS. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the 'Windows Advanced Options' menu appears. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode. ======================================================================== Please disable all other antivirus programs before proceeding. Run Ewido: Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK Once finished, click the Save report button Save the report to your desktop Close Ewido * Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. ======================================================================== Reboot to Normal Mode and supply me with the results from Ewido. __________________

10-11-2005, 06:32 PM	#3 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	Alright, here goes: Ewido: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 8:14:17 PM, 10/11/2005 + Report-Checksum: 7B061DD1 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{12FA3D1E-6BB1-A968-D251-242CE33A798A} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{65D75D06-7395-6352-09CD-E13B9059EFE9} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{FC5F30D8-4A16-B1C4-CFF8-EE955DFA16A2} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup C:\Program Files\Thief - Deadly Shadows\System\t3.exe -> TrojanSpy.Comcast.a : Cleaned with backup C:\RECYCLER\NPROTECT\00102007.exe -> Adware.BetterInternet : Cleaned with backup C:\RECYCLER\NPROTECT\00102008.exe -> Adware.BetterInternet : Cleaned with backup C:\RECYCLER\NPROTECT\00102087.exe -> Adware.BetterInternet : Cleaned with backup C:\RECYCLER\NPROTECT\00102089.exe -> Adware.BetterInternet : Cleaned with backup C:\RECYCLER\NPROTECT\00102819.exe -> Adware.BetterInternet : Cleaned with backup C:\RECYCLER\NPROTECT\00104072.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\desktop.ini:xwvpp -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\dvfxgy.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\Greenstone.bmp:cxzxmn -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\ODBC.INI:nrboxx -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\Rhododendron.bmp:cflzez -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\setupapi.old:yysyp -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\system32:gyaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup C:\WINDOWS\system32\ajzsiic.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\system32\bddyrm.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\system32\elfvkvb.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\system32\ezPopStub.exe -> Adware.EZula : Cleaned with backup C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup C:\WINDOWS\system32\in10tvmk37s.dll -> TrojanDropper.Small.abd : Cleaned with backup C:\WINDOWS\system32\megaV2wbr.dll -> TrojanDropper.Small.xm : Cleaned with backup C:\WINDOWS\system32\oleext.dll -> Trojan.Small.ev : Cleaned with backup C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup C:\WINDOWS\UPGRADE.TXT:apgco -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\vb.ini:cwehl -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\_default(2).pif:itkmn -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\_default(2).pif:jzelpl -> Spyware.SearchPage : Cleaned with backup C:\WINDOWS\_default(2).pif:kcnpiq -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\_default(2).pif:oqchur -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\_default.pif:dwxyis -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\_default.pif:fqplk -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\_default.pif:gxhtni -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\_default.pif:ijdevu -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\_default.pif:itkmn -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\_default.pif:iwwdke -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\_default.pif:jzelpl -> Spyware.SearchPage : Cleaned with backup C:\WINDOWS\_default.pif:kcnpiq -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\_default.pif:nxpntg -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\_default.pif:oqchur -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\_default.pif:qzudnx -> TrojanDownloader.Agent.bc : Cleaned with backup C:\WINDOWS\_default.pif:uuhar -> TrojanDownloader.Agent.bq : Cleaned with backup C:\WINDOWS\_default.pif:wagkt -> TrojanDownloader.Agent.bc : Cleaned with backup ::Report End Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 8:30:36 PM, on 10/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe C:\Program Files\Common Files\AOL\1124310089\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124310089\ee\AOLServiceHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis1991.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe KRC Hijackthis Analyzer: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 8:30:36 PM, on 10/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common Files\AOL\1124310089\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124310089\ee\AOLServiceHost.exe C:\HJT\HijackThis1991.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\RunServices: [Spooler Subsystem] spoolsub.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe End of KRC HijackThis Analyzer Log. ====================================================================

10-13-2005, 01:48 PM	#7 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	Everything from that list has been deleted, the computer seems to be running a lot faster now and it starts up a lot faster as well. here's the new Hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 3:44:25 PM, on 10/13/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1124310089\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124310089\ee\AOLServiceHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis1991.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zliia.dll/sp.html#14044 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

10-13-2005, 02:25 PM	#8 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	but wait! Upon running another virus scan, this time at Kaspersky, I've found 18 infected files so far. Results pending.

10-13-2005, 10:24 PM	#12 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	Augh... I wish there was a way to delete or edit posts... Well terrible things started happening and I was forced to re-install (not reformat) Windows XP. My firewall's up and running and once I got everything settled I ran another Kaspersky scan. The results are pending. I'll reply tomorrow with another Kaspersky log (hopefully shorter and better organized...) and another Hijackthis log.

10-14-2005, 01:31 PM	#14 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	I had to reinstall windows because I couldn't get on the internet no matter what I did. AIM wouldn't work, neither would IE. ZoneAlarm was still blinking though so I think I still had a connection but I couldn't get to it. ALso I had difficulty clearing the Java cache because the icon wasn't in Control Panel. I reinstalled Java and it was there, I cleared the cache then. I don't know if that would work. ANyway, here's the Ewido log: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 3:16:25 PM, 10/14/2005 + Report-Checksum: A1240CB5 + Scan result: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup HKU\S-1-5-21-789336058-602609370-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning ::Report End and for good measure, here's Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 3:27:33 PM, on 10/14/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AIM\aim.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\HJT\HijackThis1991.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe I'm going to run Kaspersky again as well. Thanks again.

10-15-2005, 07:57 PM	#15 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	If you reinstalled windows...you should be free of any malware. Let us know if this issue is resolved. I would also like you to following the suggestions below to keep your PC free of this stuff. Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl Tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Please visit Microsoft's Window's Update Page and install the latest service packs, patch’s and security updates for your system. Recommended Protection Programs Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. WinPatrol to monitor any changes that programs make to the registry. If you do not have a firewall, here are 4 free ones available for personal use: ZoneAlarm Sygate Personal Firewall Kerio Personal Firewall OutPost Firewall In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use: Grisoft AVG Anti-Virus System Alwil Avast 4 Home Edition Softwin BitDefender Free Edition Version 7 In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place. Please respond to this thread one more time so we can mark this thread as resolved. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

10-16-2005, 11:57 AM	#16 (permalink)
Demented Mouse Registered User Join Date: Oct 2005 Posts: 11 OS: XP home	yeah actually everything's going a lot better now. Windows starts up a lot faster now and I'm not seeing anything suspicious in the startup list or my running processes. If I see anything else pop up I'll be sure to come back. Thanks alot for all your help.