More Junk.....HJT Log posted

lpdrummer · 2nd February 2005

Still isnt there... Heres a screen- http://img.photobucket.com/albums/v1...r/Picture8.bmp

**noahdfear** · 6th February 2005

Save this to text so you can copy and paste the file paths below.

Check for updates to Ad-aware.

Open the Spybot folder in Program Files and see if SDHelper.dll is there. If not, download it here.

System Restore should be off.

Download RegSeeker and unzip to it's own folder.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ielo.exe] C:\WINDOWS\system32\ielo.exe
O4 - HKLM\..\RunOnce: [addqy.exe] C:\WINDOWS\system32\addqy.exe

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. DO NOT allow restart.

Open the Killbox. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\System32\qedit.dll

Click on the Action menu and choose "Delete on Reboot". On the next screen (log), click on the File menu and choose "Add File". The filename and path should show up in the window. If that's successful, copy the next filepath and paste it in the box, again click Action>"Delete on Reboot">File>"Add File". When all of the below filepaths are done, click Action on the log screen menu and select "Process and Reboot". Allow it to reboot.

C:\WINDOWS\System32\devenum.dll
C:\WINDOWS\System32\msdmo.dll
C:\WINDOWS\System32\qdvd.dll
C:\WINDOWS\system32\addqy.exe
C:\WINDOWS\system32\ielo.exe
C:\WINDOWS\udzvn.dll
C:\WINDOWS\addjz32.dll
C:\WINDOWS\system32\ielo.exe
C:\WINDOWS\system32\addqy.exe

Now in safe mode, logon to your user account.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Delete cookies. Click the programs tab, then the "Reset Web Settings" button. Include your homepage.
Open HijackThis and click config, then backups and delete all.
Open Ad-aware and run a full scan. Delete all it finds. When done, open the Quarantine list and delete all.
Empty the recycle bin.
Search for each of the above files and delete if found. Empty recycle bin again if necessary.
Open RegSeeker, maximize the window and click clean registry. When scan is complete,verify the backup box in lower left corner is checked and click the select all button. Then right click within the search results and select delete. Run it again and delete all. Run it a third time.
Uncheck the /safeboot box in msconfig and ok to reboot.

Back in Windows, do not open IE. Click start>All Programs>Windows Update. Accept ALL critical Updates offered. Reboot and go back to Windows Update. Repeat until no more critical updates are offered.

Open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Check for updates from time to time. Still in Spybot, click tools in the left pane, then Resident and check the box for SD Helper. Then click IE tweaks and at least lock the HOSTS file. Then download and install IESpyads.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.

lpdrummer · 8th February 2005

I am running RAV right now, But when I try to do Windows Update, it just says this

"Checking for the latest version of the Windows Update software...

Depending on your connection speed, this might take a minute. During this time, you may receive one or more security warnings. Review each security warning to ensure that the content is signed by Microsoft, and then click Install or Yes to install the software."

And then dosent do anything. Its like it froze.

**noahdfear** · 9th February 2005

Most common cause of freezing at that stage, with no error messages is a third-party firewall. Try shutting it down when accessing Windows Update.

lpdrummer · 9th February 2005

Quote:

Originally Posted by noahdfear

Most common cause of freezing at that stage, with no error messages is a third-party firewall. Try shutting it down when accessing Windows Update.

OK Ill try that.

But heres the results of the RAV scan

Scanned
============================
Objects: 178750
Directories: 13789
Archives: 10734
Size(Kb): -429606
Infected files: 187

Found
============================
Viruses found: 33
Suspicious files: 449
Disinfected files: 0
Mail files: 5031

and heres a new HJT log

Logfile of HijackThis v1.99.0
Scan saved at 7:10:37 AM, on 2/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\netuq.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\miniport_mp.exe
C:\WINDOWS\crmn32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D822877E-46BD-178B-A721-897CC4553D02} - C:\WINDOWS\addja32.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MiniPortRt] C:\WINDOWS\System32\miniport_mp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [crmn32.exe] C:\WINDOWS\crmn32.exe
O4 - HKLM\..\RunOnce: [netuq.exe] C:\WINDOWS\system32\netuq.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107893824546
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe

it seems like the 12345 things come back whenever I get online...

**noahdfear** · 9th February 2005

Scan with Panda ActiveScan and Housecall (check the autoclean box), then do another RAV scan. Post the entire log.

lpdrummer · 10th February 2005

Quote:

Originally Posted by noahdfear

Scan with Panda ActiveScan and Housecall (check the autoclean box), then do another RAV scan. Post the entire log.

Post the entire log of RAV, Panda, and Housecall?

**noahdfear** · 10th February 2005

The log from RAV. The results window has a scrollbar, and you need to copy everything in that window. It will show us what files are infected.

lpdrummer · 11th February 2005

OK I ran the panda scan, but when I tried to run housecall, it just kept causing an error and shutting down IE. But heres my RAV results-

Scan started at 2/10/2005 7:56:44 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\misb.exe - Tool:PornDialer.BP -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38214.6217022801.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\bi6.cab->biprep.exe - TrojanSpy:Win32/BiSpy.A -> Infected
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\biH.cab->biprep.exe - TrojanSpy:Win32/BiSpy.A -> Infected
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\K1Q3GPQV\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
C:\Documents and Settings\Main\Rebecca.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\TF7BX5CE\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38214.6217022801.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/bdl14025.exe - Trojan:Win32/Revop.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/THI3869.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Owner\Desktop\Anti-Spyware\backups\backup-20050108-105508-415 - Exploit:HTML/MhtRedir.gen* -> Infected
C:\Nancy Drew\Secret of the Scarlet Hand\HDVideo\TEM2_ToDoorTEM3.avf - Type_Trojan -> Suspicious
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Quarantine\F_herpc[1]__log.spy->ADS:fjxosv - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Quarantine\F_minmj[1]__log.spy->ADS:kcdklt - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\0DCE0B71-31B6-4925-AB31-217A99\C38F9737-11E5-40B9-9979-780858 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\498CD021-249D-48BB-AF3F-8C07AB\7CEC35BB-1297-44C1-8DA2-B57686 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\697F9BF5-0E9A-43F3-A01F-C116B8\D2C92DE0-0311-46E9-ADF0-60A4FA - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\C35A5BC6-42CF-479D-B85D-D65C5C\54D1C117-DA1E-4DB5-AE8E-678E91 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE373D92-071B-4612-83B1-448DB5\BDB89D4C-D1A0-4637-A353-E9B471 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\F0CF3B16-D291-45A8-851A-4AD93F\36E838B1-6BDA-408D-B4E3-E3F774 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Office97\Microsoft Office\Office\STARTUP\Startup.RB0->[Ole Embedded 0]->osm32.vir - Win95/Marburg.8582 -> Infected
C:\RECYCLER\S-1-5-21-4152392858-3244783744-1582333133-1003\Dc172.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP103\A0017408.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0020999.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021000.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021001.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021002.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021003.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021004.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021005.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021007.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021016.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP108\A0022126.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022240.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022389.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022407.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022419.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0022530.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0022551.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0022889.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023303.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023313.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023322.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023323.dll -

lpdrummer · 11th February 2005

TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023324.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023325.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023326.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023327.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023328.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023329.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023330.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023331.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023332.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023333.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023334.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023335.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023336.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023337.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023338.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023339.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023340.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023341.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023342.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023343.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023344.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023345.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023346.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023347.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023348.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023349.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023350.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023351.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023352.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023353.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023354.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023355.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023356.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023357.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023358.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023359.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023360.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023361.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023362.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023363.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023364.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023365.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023366.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023367.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023368.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023369.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023370.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023371.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023372.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023373.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023374.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023375.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023376.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023377.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023378.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023379.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023380.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023381.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023382.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023383.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023384.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023385.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023386.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023387.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023388.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023389.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023390.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023391.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023392.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023393.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023394.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023395.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023396.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023397.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023398.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023399.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023400.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023401.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023402.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023403.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023404.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023405.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023406.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

lpdrummer · 11th February 2005

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023407.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023408.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023409.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023410.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023411.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023412.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023413.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023414.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023415.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023416.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023417.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023418.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023419.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023420.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023421.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023422.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023423.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023424.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023425.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023426.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023427.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023428.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023429.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023430.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023431.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023432.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023433.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023437.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023438.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023439.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023440.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023441.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023442.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023443.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023444.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023446.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023447.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023448.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023457.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023458.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023459.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023460.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023461.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023462.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023463.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023464.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023465.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023466.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023467.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023468.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023469.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023470.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023471.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023472.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023473.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023474.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023475.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023476.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023477.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023478.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023479.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023480.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023481.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023482.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023483.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023484.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023485.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023486.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023487.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023488.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023489.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023490.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023491.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023492.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023530.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023624.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023645.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0025648.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025712.dll -TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025713.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025715.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025716.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025717.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025718.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025719.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025720.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025721.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025722.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025723.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025724.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025725.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025726.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025727.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025728.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025729.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025730.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025731.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025732.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025733.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025734.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025735.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025736.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025737.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025738.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025739.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025740.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025741.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025742.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025743.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025744.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025745.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025746.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025747.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025748.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025749.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025750.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025751.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025752.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025753.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025754.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025755.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025756.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025757.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025758.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025759.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025760.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025761.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025762.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025763.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025764.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025765.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025766.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025767.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025768.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

lpdrummer · 11th February 2005

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025769.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025770.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025772.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025773.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025774.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025775.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025776.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025777.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025778.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025779.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025780.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025781.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025782.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025783.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025784.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025785.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025786.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025787.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025788.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025789.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025790.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025791.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025792.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025793.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025794.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025795.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025796.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025797.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025798.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025799.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025800.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025801.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025802.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025803.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025804.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025805.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025807.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025808.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025809.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025810.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025811.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025812.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025813.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025815.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025816.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025817.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025818.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025819.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025820.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025826.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025827.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025828.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025829.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025830.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025831.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025832.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025833.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025834.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025838.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025839.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025840.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025841.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025842.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025843.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025844.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025845.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025846.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025847.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025848.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025849.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025850.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025851.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025852.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025853.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025854.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025855.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025856.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025857.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025858.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025859.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025860.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025861.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025862.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025863.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025865.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025866.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025867.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025868.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025869.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025870.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025871.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025872.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025873.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025874.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025875.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025878.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025879.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025880.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025881.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025882.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025883.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025884.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025885.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025886.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0027642.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0027715.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0027731.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP118\A0027827.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP118\A0027850.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027873.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

lpdrummer · 11th February 2005

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027889.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027907.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027975.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027986.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027987.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027988.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027989.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027990.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028000.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028002.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028003.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028005.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028017.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028018.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028019.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028020.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028023.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028024.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028026.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028029.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028460.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028461.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028467.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028474.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029039.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029054.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029072.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029140.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029151.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029152.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029153.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029154.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029155.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029162.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029164.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029165.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029167.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029179.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029180.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029181.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029182.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029185.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029186.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029188.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029191.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029622.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029623.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029629.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029636.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030221.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030236.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030254.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030322.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030333.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030334.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030335.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030336.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030337.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030344.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030346.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030347.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030349.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030361.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030362.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030363.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030364.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030367.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030368.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030370.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030373.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030804.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030805.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030811.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030818.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031703.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031704.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031705.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031707.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031708.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031709.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031710.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031711.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031712.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031718.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031719.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031720.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031722.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031723.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031724.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031725.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031726.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031727.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031728.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0031830.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0032766.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0032772.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0032774.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0033773.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0033777.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0033846.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0034195.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0034225.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035253.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035256.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035265.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035291.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035316.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035343.exe - TrojanDownloader:Win32/Small.RR -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035345.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035348.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035350.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035351.exe - TrojanDownloader:Win32/Small.RR -> Infected

lpdrummer · 11th February 2005

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035352.dll - Trojan:Win32/Startpage.SC -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035353.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035355.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035358.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035361.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035362.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP31\A0006740.exe->(UPXW) - Tool:PornDialer.gen! -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP47\A0009119.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP47\A0009121.scr->ADS:wgzrh - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP48\A0009143.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP49\A0009148.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP49\A0009153.INI->ADS:ypynj - TrojanDownloader:Win32/Agent.X -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP49\A0009162.bat->ADS:dtzin - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP5\A0001827.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP56\A0009730.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP67\A0011009.dll - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP67\A0011014.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP67\A0011030.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP68\A0011080.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP73\A0011329.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP73\A0011330.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP73\A0011333.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011807.dll - TrojanDownloader:Win32/Small.RM -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011810.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011812.exe - TrojanDownloader:Win32/Small.RR -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011814.exe - TrojanClicker:Win32/Small.W -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011818.dll - TrojanDownloader:Win32/Small.RM -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011819.dll - TrojanDownloader:Win32/Small.RM -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011824.exe - TrojanDropper:Win32/Siboco -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011829.exe - TrojanDownloader:Win32/Small.NU -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011831.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011832.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011833.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\WINDOWS\Active Setup Log.txt->ADS:sxaey - TrojanDownloader:Win32/Agent.X -> Infected
C:\WINDOWS\Active Setup Log.txt->ADS

wjuhe - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Alex.acl->ADS:kxkjs - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\Alex001.acl->ADS:vwukjs - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\aucfg.ini->ADS:xvzkbq - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\DLLMAP.INI->ADS:xzmyxa - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\fsyem.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Gone Fishing.bmp->ADS:dnzceu - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\imsins.log->ADS:qqqtl - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\intuprof(2).ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\intuprof(3).ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\intuprof.ini->ADS:hipmxg - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\jlnoc.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\jsqfy.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\LedZeppelin(2).scr->ADS:wgzrh - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\nsreg.dat->ADS:qxktgd - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Owner005.acl->ADS:zsvvef - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\shsjz.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\tsoc.log->ADS

ylwcp - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\win.ini->ADS:hlupne - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\WIN.V00->ADS:bthvh - TrojanDownloader:Win32/Agent.X -> Infected
C:\WINDOWS\SYSTEM32\ApxAs.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\avifil32.exe - Trojan:Win32/Dialer.CE -> Suspicious
C:\WINDOWS\SYSTEM32\axtfw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\dgang.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\eogow.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\Fclgv.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\fglcn.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\FM20.exe - Trojan:Win32/Dialer.CE -> Suspicious
C:\WINDOWS\SYSTEM32\gemnq.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ImmH2c.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\LgnJ8V3.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\nrpby.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\rnr.dll - TrojanDownloader:Win32/Agent.AV -> Infected
C:\WINDOWS\SYSTEM32\rpksw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\slodp.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\Tzatd.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\yzukf.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ZibK.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38214.6217022801.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious

Scanned
============================
Objects: 179845
Directories: 13979
Archives: 10748
Size(Kb): 710841
Infected files: 159

Found
============================
Viruses found: 28
Suspicious files: 458
Disinfected files: 0
Mail files: 5035

And thats my RAV scan Results. This site needs something where you can post over 20000 characters at once at certain places. It is REALLY annonying having to copy, cut, paste, make sure its not over 20000 characters...

**noahdfear** · 12th February 2005

First, you must turn off system restore to clean out the many infected files stored there. Leave it off until we are done with the cleanup. Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. DO NOT allow restart.

Paste the following filepaths into the Killbox and allow reboot when done.

C:\misb.exe
C:\WINDOWS\Active Setup Log.txt
C:\WINDOWS\Active Setup Log.txt
C:\WINDOWS\Alex.acl
C:\WINDOWS\Alex001.acl
C:\WINDOWS\aucfg.ini
C:\WINDOWS\DLLMAP.INI
C:\WINDOWS\fsyem.dll
C:\WINDOWS\Gone Fishing.bmp
C:\WINDOWS\imsins.log
C:\WINDOWS\intuprof(2).ini
C:\WINDOWS\intuprof(3).ini
C:\WINDOWS\intuprof.ini
C:\WINDOWS\jlnoc.dll
C:\WINDOWS\jsqfy.dll
C:\WINDOWS\LedZeppelin(2).scr
C:\WINDOWS\nsreg.dat
C:\WINDOWS\Owner005.acl
C:\WINDOWS\shsjz.dll
C:\WINDOWS\tsoc.log
C:\WINDOWS\WIN.V00
C:\WINDOWS\SYSTEM32\ApxAs.exe
C:\WINDOWS\SYSTEM32\avifil32.exe
C:\WINDOWS\SYSTEM32\axtfw.dll
C:\WINDOWS\SYSTEM32\dgang.dll
C:\WINDOWS\SYSTEM32\eogow.dll
C:\WINDOWS\SYSTEM32\Fclgv.exe
C:\WINDOWS\SYSTEM32\fglcn.dll
C:\WINDOWS\SYSTEM32\FM20.exe
C:\WINDOWS\SYSTEM32\gemnq.dll
C:\WINDOWS\SYSTEM32\ImmH2c.exe
C:\WINDOWS\SYSTEM32\LgnJ8V3.exe
C:\WINDOWS\SYSTEM32\nrpby.dll
C:\WINDOWS\SYSTEM32\rnr.dll
C:\WINDOWS\SYSTEM32\rpksw.dll
C:\WINDOWS\SYSTEM32\slodp.dll
C:\WINDOWS\SYSTEM32\Tzatd.exe
C:\WINDOWS\SYSTEM32\yzukf.dll
C:\WINDOWS\SYSTEM32\ZibK.exe

Now in safe mode, open MS Antispyware and the Earthlink spyware blocker, delete everything in quarantine.

It appears that many, many of your Business Logic backups are infected, and I recommend deleting everything in each of the following backup folders. You can create new backups once the system is clean.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup

Open C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5, select all and delete.
Open C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp, select all and delete.
Open C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
Empty the recycle bin.
Uncheck the /safeboot box in msconfig and ok to reboot.

Try running Housecall again. Make sure to check the box to Autoclean.

Run another RAV scan and post the results.

Post a new HJT log.

Please zip and email me a copy of C:\WINDOWS\win.ini here.