More Junk.....HJT Log posted

Scan with Panda ActiveScan and Housecall (check the autoclean box), then do another RAV scan. Post the entire log.

 

Post the entire log of RAV, Panda, and Housecall?

 

The log from RAV. The results window has a scrollbar, and you need to copy everything in that window. It will show us what files are infected.

 

OK I ran the panda scan, but when I tried to run housecall, it just kept causing an error and shutting down IE. But heres my RAV results-

Scan started at 2/10/2005 7:56:44 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\misb.exe - ToolornDialer.BP -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38214.6217022801.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\bi6.cab->biprep.exe - TrojanSpy:Win32/BiSpy.A -> Infected
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\biH.cab->biprep.exe - TrojanSpy:Win32/BiSpy.A -> Infected
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\K1Q3GPQV\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
C:\Documents and Settings\Main\Rebecca.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\TF7BX5CE\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38214.6217022801.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/bdl14025.exe - Trojan:Win32/Revop.C -> Infected
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.RB0->Documents and Settings/Owner/Local Settings/Temp/THI3869.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Owner\Desktop\Anti-Spyware\backups\backup-20050108-105508-415 - Exploit:HTML/MhtRedir.gen* -> Infected
C:\Nancy Drew\Secret of the Scarlet Hand\HDVideo\TEM2_ToDoorTEM3.avf - Type_Trojan -> Suspicious
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Quarantine\F_herpc[1]__log.spy->ADS:fjxosv - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Quarantine\F_minmj[1]__log.spy->ADS:kcdklt - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\0DCE0B71-31B6-4925-AB31-217A99\C38F9737-11E5-40B9-9979-780858 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\498CD021-249D-48BB-AF3F-8C07AB\7CEC35BB-1297-44C1-8DA2-B57686 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\697F9BF5-0E9A-43F3-A01F-C116B8\D2C92DE0-0311-46E9-ADF0-60A4FA - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\C35A5BC6-42CF-479D-B85D-D65C5C\54D1C117-DA1E-4DB5-AE8E-678E91 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE373D92-071B-4612-83B1-448DB5\BDB89D4C-D1A0-4637-A353-E9B471 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\F0CF3B16-D291-45A8-851A-4AD93F\36E838B1-6BDA-408D-B4E3-E3F774 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Office97\Microsoft Office\Office\STARTUP\Startup.RB0->[Ole Embedded 0]->osm32.vir - Win95/Marburg.8582 -> Infected
C:\RECYCLER\S-1-5-21-4152392858-3244783744-1582333133-1003\Dc172.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP103\A0017408.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0020999.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021000.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021001.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021002.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021003.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021004.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021005.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021007.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP106\A0021016.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP108\A0022126.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022240.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022389.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022407.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP111\A0022419.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0022530.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0022551.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0022889.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023303.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023313.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023322.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023323.dll -

 

TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023324.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023325.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023326.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023327.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023328.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023329.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023330.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023331.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023332.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023333.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023334.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023335.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023336.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023337.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023338.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023339.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023340.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023341.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023342.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023343.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023344.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023345.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023346.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023347.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023348.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023349.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023350.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023351.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023352.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023353.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023354.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023355.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023356.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023357.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023358.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023359.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023360.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023361.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023362.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023363.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023364.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023365.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023366.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023367.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023368.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023369.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023370.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023371.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023372.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023373.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023374.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023375.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023376.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023377.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023378.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023379.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023380.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023381.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023382.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023383.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023384.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023385.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023386.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023387.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023388.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023389.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023390.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023391.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023392.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023393.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023394.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023395.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023396.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023397.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023398.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023399.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023400.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023401.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023402.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023403.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023404.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023405.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023406.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

 

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023407.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023408.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023409.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023410.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023411.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023412.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023413.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023414.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023415.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023416.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023417.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023418.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023419.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023420.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023421.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023422.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023423.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023424.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023425.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023426.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023427.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023428.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023429.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023430.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023431.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023432.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023433.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023437.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023438.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023439.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023440.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023441.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023442.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023443.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023444.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023446.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023447.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023448.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023457.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023458.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023459.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023460.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023461.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023462.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023463.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023464.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023465.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023466.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023467.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023468.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023469.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023470.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023471.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023472.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023473.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023474.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023475.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023476.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023477.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023478.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023479.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023480.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023481.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023482.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023483.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023484.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023485.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023486.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023487.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023488.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023489.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023490.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023491.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023492.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023530.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023624.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023645.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0025648.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025712.dll -TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025713.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025715.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025716.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025717.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025718.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025719.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025720.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025721.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025722.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025723.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025724.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025725.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025726.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025727.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025728.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025729.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025730.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025731.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025732.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025733.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025734.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025735.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025736.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025737.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025738.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025739.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025740.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025741.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025742.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025743.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025744.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025745.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025746.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025747.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025748.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025749.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025750.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025751.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025752.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025753.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025754.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025755.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025756.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025757.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025758.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025759.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025760.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025761.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025762.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025763.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025764.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025765.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025766.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025767.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025768.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

 

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025769.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025770.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025772.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025773.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025774.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025775.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025776.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025777.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025778.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025779.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025780.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025781.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025782.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025783.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025784.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025785.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025786.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025787.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025788.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025789.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025790.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025791.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025792.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025793.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025794.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025795.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025796.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025797.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025798.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025799.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025800.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025801.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025802.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025803.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025804.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025805.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025807.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025808.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025809.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025810.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025811.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025812.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025813.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025815.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025816.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025817.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025818.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025819.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025820.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025826.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025827.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025828.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025829.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025830.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025831.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025832.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025833.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025834.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025838.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025839.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025840.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025841.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025842.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025843.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025844.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025845.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025846.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025847.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025848.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025849.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025850.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025851.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025852.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025853.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025854.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025855.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025856.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025857.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025858.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025859.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025860.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025861.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025862.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025863.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025865.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025866.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025867.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025868.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025869.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025870.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025871.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025872.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025873.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025874.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025875.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025878.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025879.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025880.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025881.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025882.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025883.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025884.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025885.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0025886.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0027642.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0027715.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0027731.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP118\A0027827.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP118\A0027850.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027873.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

 

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027889.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027907.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027975.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027986.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027987.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027988.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027989.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027990.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028000.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028002.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028003.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028005.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028017.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028018.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028019.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028020.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028023.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028024.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028026.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028029.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028460.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028461.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028467.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0028474.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029039.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029054.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029072.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029140.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029151.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029152.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029153.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029154.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029155.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029162.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029164.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029165.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029167.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029179.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029180.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029181.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029182.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029185.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029186.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029188.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029191.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029622.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029623.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029629.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP120\A0029636.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030221.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030236.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030254.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030322.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030333.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030334.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030335.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030336.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030337.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030344.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030346.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030347.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030349.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030361.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030362.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030363.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030364.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030367.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030368.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030370.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030373.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030804.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030805.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030811.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP121\A0030818.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031703.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031704.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031705.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031707.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031708.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031709.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031710.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031711.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031712.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031718.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031719.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031720.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031722.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031723.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031724.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031725.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031726.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031727.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP123\A0031728.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0031830.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0032766.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0032772.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP126\A0032774.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0033773.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0033777.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0033846.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP128\A0034195.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0034225.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035253.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035256.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035265.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP130\A0035291.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035316.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035343.exe - TrojanDownloader:Win32/Small.RR -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035345.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035348.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035350.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035351.exe - TrojanDownloader:Win32/Small.RR -> Infected

 

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035352.dll - Trojan:Win32/Startpage.SC -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035353.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035355.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035358.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035361.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP131\A0035362.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP31\A0006740.exe->(UPXW) - ToolornDialer.gen! -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP47\A0009119.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP47\A0009121.scr->ADS:wgzrh - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP48\A0009143.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP49\A0009148.ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP49\A0009153.INI->ADS:ypynj - TrojanDownloader:Win32/Agent.X -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP49\A0009162.bat->ADS:dtzin - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP5\A0001827.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP56\A0009730.exe - ToolornDialer.BP -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP67\A0011009.dll - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP67\A0011014.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP67\A0011030.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP68\A0011080.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP73\A0011329.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP73\A0011330.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP73\A0011333.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011807.dll - TrojanDownloader:Win32/Small.RM -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011810.exe - TrojanDownloader:Win32/Small -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011812.exe - TrojanDownloader:Win32/Small.RR -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011814.exe - TrojanClicker:Win32/Small.W -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011818.dll - TrojanDownloader:Win32/Small.RM -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011819.dll - TrojanDownloader:Win32/Small.RM -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011824.exe - TrojanDropper:Win32/Siboco -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011829.exe - TrojanDownloader:Win32/Small.NU -> Infected
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011831.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011832.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP77\A0011833.exe->(EXEEmb) - Trojan:Win32/Small.RO -> Suspicious
C:\WINDOWS\Active Setup Log.txt->ADS:sxaey - TrojanDownloader:Win32/Agent.X -> Infected
C:\WINDOWS\Active Setup Log.txt->ADSwjuhe - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Alex.acl->ADS:kxkjs - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\Alex001.acl->ADS:vwukjs - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\aucfg.ini->ADS:xvzkbq - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\DLLMAP.INI->ADS:xzmyxa - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\fsyem.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Gone Fishing.bmp->ADS:dnzceu - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\imsins.log->ADS:qqqtl - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\intuprof(2).ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\intuprof(3).ini->ADS:bllfp - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\intuprof.ini->ADS:hipmxg - TrojanDownloader:Win32/Agent.BA -> Infected
C:\WINDOWS\jlnoc.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\jsqfy.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\LedZeppelin(2).scr->ADS:wgzrh - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\nsreg.dat->ADS:qxktgd - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Owner005.acl->ADS:zsvvef - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\shsjz.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\tsoc.log->ADSylwcp - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\win.ini->ADS:hlupne - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\WIN.V00->ADS:bthvh - TrojanDownloader:Win32/Agent.X -> Infected
C:\WINDOWS\SYSTEM32\ApxAs.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\avifil32.exe - Trojan:Win32/Dialer.CE -> Suspicious
C:\WINDOWS\SYSTEM32\axtfw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\dgang.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\eogow.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\Fclgv.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\fglcn.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\FM20.exe - Trojan:Win32/Dialer.CE -> Suspicious
C:\WINDOWS\SYSTEM32\gemnq.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ImmH2c.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\LgnJ8V3.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\nrpby.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\rnr.dll - TrojanDownloader:Win32/Agent.AV -> Infected
C:\WINDOWS\SYSTEM32\rpksw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\slodp.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\Tzatd.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\yzukf.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ZibK.exe - TrojanDownloader:Win32/VB.EM -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.RB0->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - TrojanSpy:Win32/BiSpy.C -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38214.6217022801.RB0->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious

Scanned
============================
Objects: 179845
Directories: 13979
Archives: 10748
Size(Kb): 710841
Infected files: 159

Found
============================
Viruses found: 28
Suspicious files: 458
Disinfected files: 0
Mail files: 5035



And thats my RAV scan Results. This site needs something where you can post over 20000 characters at once at certain places. It is REALLY annonying having to copy, cut, paste, make sure its not over 20000 characters...

 

First, you must turn off system restore to clean out the many infected files stored there. Leave it off until we are done with the cleanup. Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. DO NOT allow restart.

Paste the following filepaths into the Killbox and allow reboot when done.

C:\misb.exe
C:\WINDOWS\Active Setup Log.txt
C:\WINDOWS\Active Setup Log.txt
C:\WINDOWS\Alex.acl
C:\WINDOWS\Alex001.acl
C:\WINDOWS\aucfg.ini
C:\WINDOWS\DLLMAP.INI
C:\WINDOWS\fsyem.dll
C:\WINDOWS\Gone Fishing.bmp
C:\WINDOWS\imsins.log
C:\WINDOWS\intuprof(2).ini
C:\WINDOWS\intuprof(3).ini
C:\WINDOWS\intuprof.ini
C:\WINDOWS\jlnoc.dll
C:\WINDOWS\jsqfy.dll
C:\WINDOWS\LedZeppelin(2).scr
C:\WINDOWS\nsreg.dat
C:\WINDOWS\Owner005.acl
C:\WINDOWS\shsjz.dll
C:\WINDOWS\tsoc.log
C:\WINDOWS\WIN.V00
C:\WINDOWS\SYSTEM32\ApxAs.exe
C:\WINDOWS\SYSTEM32\avifil32.exe
C:\WINDOWS\SYSTEM32\axtfw.dll
C:\WINDOWS\SYSTEM32\dgang.dll
C:\WINDOWS\SYSTEM32\eogow.dll
C:\WINDOWS\SYSTEM32\Fclgv.exe
C:\WINDOWS\SYSTEM32\fglcn.dll
C:\WINDOWS\SYSTEM32\FM20.exe
C:\WINDOWS\SYSTEM32\gemnq.dll
C:\WINDOWS\SYSTEM32\ImmH2c.exe
C:\WINDOWS\SYSTEM32\LgnJ8V3.exe
C:\WINDOWS\SYSTEM32\nrpby.dll
C:\WINDOWS\SYSTEM32\rnr.dll
C:\WINDOWS\SYSTEM32\rpksw.dll
C:\WINDOWS\SYSTEM32\slodp.dll
C:\WINDOWS\SYSTEM32\Tzatd.exe
C:\WINDOWS\SYSTEM32\yzukf.dll
C:\WINDOWS\SYSTEM32\ZibK.exe

Now in safe mode, open MS Antispyware and the Earthlink spyware blocker, delete everything in quarantine.

It appears that many, many of your Business Logic backups are infected, and I recommend deleting everything in each of the following backup folders. You can create new backups once the system is clean.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup

Open C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5, select all and delete.
Open C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp, select all and delete.
Open C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
Empty the recycle bin.
Uncheck the /safeboot box in msconfig and ok to reboot.

Try running Housecall again. Make sure to check the box to Autoclean.

Run another RAV scan and post the results.

Post a new HJT log.

Please zip and email me a copy of C:\WINDOWS\win.ini here.

 

OK I did all that.

But this I havent done. I've cleared out the quarantines from MS AntiSpyware, But cant figure out how to do the same thing on earthlink. Also these files were not on my computer-

C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup

C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5



Also, My compuuter kept freezing because I kept getting error messages saying "Dr.Watson Postmordem Debugger" could not function properly. I could't open folders, and the program kept restarting. I don't know what this program is, but it is a nuisance. So I booted up in safe mode, did a search for 'drwtsn' and deleted the 7 files that it found. It got rid of the program and eror messages, but I still can't get into any of my folders (including My computer!) without being in safemode. So if you have any information regarding that issue, please help.

 

You must set Windows to show hidden files and folders, as well as system files and extensions for known file types, then look for those folders again.

You probably shouldn't have deleted the Dr Watson files/folders. If they are still in the recycle bin, restore them. See start>help and support for more information on Dr. Watson.

C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Quarantine

 

Will deleting any of these files erase my favorite pages on the internet?

C:\WINDOWS\SYSTEM32\config\systemprofile\Applicati on Data\Business Logic\UWC\Backup
C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup

C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5


And I went to C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5
and it had alot of folders. I selected all the folders, but it said I could not delete them. Do I go into each folder and delete the things in every folder, or is something just wrong?

Also, that Dr. Watson thing is gone. Am I pretty much outta luck since I deleted that?

 

Your favorites will not be affected. Deleting those files is going to remove the infections on your machine.
Are you trying to delete those TIF files/folders in safe mode (you should be)? If necessary, yes, delete the files inside the folders, reboot and try to delete the folders again.
The Dr. Watson stuff was most likely just old logs, and no harm done. He should be well protected by the operating system.

 

I still cant delete the folders OR the individual files in them from

C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5

but I deleted everything else. Should I just get out of safe mode and run RAV or try to think of a way to delete those files?

 

Logon to the Administrator account in safe mode and try deleting those folders. If that still doesn't work, download and install Move-on-Boot (it will fit on a floppy). This will give you a new right click option, when used on files (not folders), to delete on the next boot. Use it to tag the files within each folder for deletion and reboot.

 

OK Ill do that now But I ran RAV Last nite, so heres the results.

Scan started at 2/13/2005 1:40:15 AM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\bi6.cab->biprep.exe - TrojanSpy:Win32/BiSpy.A -> Infected
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\biH.cab->biprep.exe - TrojanSpy:Win32/BiSpy.A -> Infected
C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\K1Q3GPQV\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
C:\Documents and Settings\Main\Rebecca.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\TF7BX5CE\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
C:\Documents and Settings\Owner\Desktop\Anti-Spyware\backups\backup-20050108-105508-415 - Exploit:HTML/MhtRedir.gen* -> Infected
C:\Nancy Drew\Secret of the Scarlet Hand\HDVideo\TEM2_ToDoorTEM3.avf - Type_Trojan -> Suspicious
C:\Program Files\Microsoft AntiSpyware\Quarantine\0DCE0B71-31B6-4925-AB31-217A99\C38F9737-11E5-40B9-9979-780858 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\498CD021-249D-48BB-AF3F-8C07AB\7CEC35BB-1297-44C1-8DA2-B57686 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\697F9BF5-0E9A-43F3-A01F-C116B8\D2C92DE0-0311-46E9-ADF0-60A4FA - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\C35A5BC6-42CF-479D-B85D-D65C5C\54D1C117-DA1E-4DB5-AE8E-678E91 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE373D92-071B-4612-83B1-448DB5\BDB89D4C-D1A0-4637-A353-E9B471 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\F0CF3B16-D291-45A8-851A-4AD93F\36E838B1-6BDA-408D-B4E3-E3F774 - TrojanDownloader:Win32/Agent.BA -> Infected
C:\Program Files\Office97\Microsoft Office\Office\STARTUP\Startup.RB0->[Ole Embedded 0]->osm32.vir - Win95/Marburg.8582 -> Infected
C:\RECYCLER\S-1-5-21-4152392858-3244783744-1582333133-1003\Dc172.exe - ToolornDialer.BP -> Infected
C:\WINDOWS\earthlink.INI->ADS:rteqhr - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\ftzmk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\jsqfy.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\pss\win.ini.backup->ADS:hlupne - TrojanDownloader:Win32/WinShow.AK -> Suspicious

Scanned
============================
Objects: 141109
Directories: 13122
Archives: 10241
Size(Kb): 455601
Infected files: 13

Found
============================
Viruses found: 6
Suspicious files: 5
Disinfected files: 0
Mail files: 418

 

OK I DLed that, and deleted those files. I also ran HJT, so heres the log.

Logfile of HijackThis v1.99.0
Scan saved at 2:04:20 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\system32\netuq.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\miniport_mp.exe
C:\WINDOWS\crmn32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {72A95655-0AD6-3F3C-4EDB-FB9E350A96ED} - C:\WINDOWS\d3sm.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MiniPortRt] C:\WINDOWS\System32\miniport_mp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [crmn32.exe] C:\WINDOWS\crmn32.exe
O4 - HKLM\..\RunOnce: [netuq.exe] C:\WINDOWS\system32\netuq.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107893824546
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe

DO you want me to run RAV again? And housecall still wont work.

 

Gettin closer. Hang in there.

In safe mode, open C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp, select all and delete.
Open C:\Documents and Settings\Main\Rebecca.OFFICE\Local Settings\Temporary Internet Files\Content.IE5, select all and delete.
Open C:\Program Files\Microsoft AntiSpyware\Quarantine, select all and delete. If they won't delete, open the program and delete the items in quarantine.
Open HijackThis to the misc tools section, click the backups button and delete all.


Use the killbox to tag the following for deletion but do not reboot yet.

C:\WINDOWS\jsqfy.dll
C:\WINDOWS\crmn32.exe
C:\WINDOWS\system32\netuq.exe
C:\WINDOWS\ftzmk.dll
C:\WINDOWS\d3sm.dll
C:\WINDOWS\System32\miniport_mp.exe

Search the C:\Windows\system32 folder for the following files and if present, tag them for deletion also. (let me know if these are present please)

MSASMC18.DLL
CDIMGDEV.DLL
NSCOMPAT.TLB
AMCOMPAT.TLB
MPSCH~1.XML
MINIPORT.EXE
MINIPORT.$@!
MINIPORT.BAK

Scan again with HJT and remove the following.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ftzmk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {72A95655-0AD6-3F3C-4EDB-FB9E350A96ED} - C:\WINDOWS\d3sm.dll
O4 - HKLM\..\Run: [crmn32.exe] C:\WINDOWS\crmn32.exe
O4 - HKLM\..\RunOnce: [netuq.exe] C:\WINDOWS\system32\netuq.exe
O4 - HKLM\..\Run: [MiniPortRt] C:\WINDOWS\System32\miniport_mp.exe

Again, open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Empty the recycle bin.
Reboot back into Windows and post a new HJT log.

 

OK I didn't have these files-


CDIMGDEV.DLL
MPSCH~1.XML
MINIPORT.EXE (Although I did have MINIPORT_MP.exe which I deleted)
MINIPORT.$@!
MINIPORT.BAK

And heres a HJT scan before I got on the internet-

Logfile of HijackThis v1.99.0
Scan saved at 5:17:48 PM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107893824546
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe


And One after-

Logfile of HijackThis v1.99.0
Scan saved at 5:21:25 PM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\maseq.dll/sp.html#12345
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107893824546
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe

(The about:blank thing came back)