
PC Infected by Trojan:Win32/Conhook.C, Matcash, Virtumonde.M and Fotomoto


11 replies to this topic

#1 RookieJerry (Members)

Posted 31 August 2007 - 08:49 AM

This is my first post and I'm a rookie; please provide detailed steps for the solution.

This week my PC got infected with the above trojans, and lots of pop-ups and error messages arose. Access was denied for applications and none would execute. This happened as I opened an unknown WinRAR file a few days before.
When I scan my computer with AVG antivirus and Windows Defender, they show the infected files, which they heal and remove. But when I reboot, the same infections and trojans reappear.
My PC's applications are all updated daily. But I used only Windows Firewall; was that a mistake?

Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:16 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\regbiabt.exe
C:\WINDOWS\system32\secrochg.exe
C:\WINDOWS\system32\sktajpbb.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.88.231.28/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\hgghefc.dll
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [rtksw32] C:\WINDOWS\system32\secrochg.exe
O4 - HKLM\..\Run: [mandstck] regbiabt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188536973268
O20 - Winlogon Notify: hgghefc - C:\WINDOWS\SYSTEM32\hgghefc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\sktajpbb.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 5006 bytes



Please reply at the earliest. Thank you.



#2 RichieUK (Malware Response Team)

Posted 31 August 2007 - 01:56 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, RookieJerry.
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 RookieJerry (Topic Starter)

Posted 01 September 2007 - 06:34 AM

Thank you Richie for your immediate reply.
I did as you replied.

Here is my Combofix log.


ComboFix 07-08-30.3 - "Jacob" 2007-09-01 16:53:17.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.626 [GMT 5.5:30]


((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


2007-09-01 16:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 16:36 5,632 --a------ C:\jgmcknj.exe
2007-09-01 16:36 46,878 --a------ C:\msceqkix.exe
2007-09-01 16:36 41,050 --a------ C:\sthgnm.exe
2007-09-01 16:36 20,992 --a------ C:\prbdnb.exe
2007-08-31 21:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Default
2007-08-31 21:14 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-31 21:11 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6285.sys
2007-08-31 21:11 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\dllcache\i2omgmt.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2007-08-31 21:07 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2007-08-31 21:07 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-08-31 20:51 45,102 --a------ C:\WINDOWS\debgfrfd.exe
2007-08-31 18:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-31 17:40 89,620 --a------ C:\WINDOWS\system32\sktajpbb.exe
2007-08-31 17:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-31 15:11 <DIR> d-------- C:\DOCUME~1\Jacob\.housecall6.6
2007-08-31 14:15 16,368 --a------ C:\DOCUME~1\Jacob\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-08-31 14:12 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-31 14:11 <DIR> d-------- C:\WINDOWS\ShellNew
2007-08-31 13:59 15,360 --a------ C:\lxfvnm.exe
2007-08-31 13:46 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-31 13:46 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-31 13:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-31 11:47 <DIR> d-------- C:\Temp
2007-08-31 11:31 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-31 11:18 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-31 11:13 <DIR> d-------- C:\Program Files\Nero
2007-08-31 11:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-31 11:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-31 11:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-31 11:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-31 10:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-31 10:40 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-31 10:39 <DIR> d-------- C:\Program Files\MSBuild
2007-08-31 10:36 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-31 10:36 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-31 10:35 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-31 10:35 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-31 10:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-31 10:13 <DIR> d--hs---- C:\DOCUME~1\Jacob\UserData
2007-08-31 10:08 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-31 10:07 <DIR> d-------- C:\ATI
2007-08-31 09:58 <DIR> d--hs---- C:\Recycled
2007-08-31 09:44 <DIR> d-------- C:\WINDOWS\pss
2007-08-31 09:35 <DIR> d-------- C:\WINDOWS\A4W_DATA
2007-08-31 09:34 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-31 09:34 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-08-31 09:33 94,208 -ra------ C:\WINDOWS\system32\D064UUD.DLL
2007-08-31 09:33 323,644 -ra------ C:\WINDOWS\system32\UCS32P.DLL
2007-08-31 09:33 28,728 -ra------ C:\WINDOWS\system32\D064UCPL.DLL
2007-08-31 09:33 196,608 -ra------ C:\WINDOWS\system32\D064UFW.DLL
2007-08-31 09:33 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-31 09:33 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-31 09:33 <DIR> d-------- C:\DOCUME~1\Jacob\WINDOWS
2007-08-31 09:27 131,072 -ra------ C:\WINDOWS\system32\Epcmlib.dll
2007-08-31 09:27 <DIR> d-------- C:\WINDOWS\EPSON CardMonitor Essential
2007-08-31 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-08-31 09:26 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2007-08-31 09:26 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2007-08-31 09:26 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-08-31 09:26 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-08-31 09:26 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-08-31 09:26 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-31 09:26 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-31 09:26 <DIR> d-------- C:\WINDOWS\EPSON PhotoStarter Essential
2007-08-31 09:25 <DIR> d-------- C:\Program Files\EPSON
2007-08-31 09:22 74,752 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-08-31 09:22 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-08-31 09:19 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-31 09:18 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-08-31 09:18 <DIR> d-------- C:\Program Files\Realtek
2007-08-31 09:17 532,480 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-31 09:17 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-31 09:17 136,650 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-08-31 09:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-08-31 09:13 <DIR> d-------- C:\TempEI4
2007-08-31 09:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-31 09:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-08-31 09:05 43,520 --a------ C:\WINDOWS\system32\dllcache\admwprox.dll
2007-08-31 09:05 290,816 --a------ C:\WINDOWS\system32\dllcache\adsiis51.dll
2007-08-31 09:05 20,540 --a------ C:\WINDOWS\system32\dllcache\author.dll
2007-08-31 09:05 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2007-08-31 09:05 188,480 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2007-08-31 09:05 16,439 --a------ C:\WINDOWS\system32\dllcache\author.exe
2007-08-31 09:05 16,439 --a------ C:\WINDOWS\system32\dllcache\admin.exe
2007-08-31 09:05 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-08-31 09:05 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-08-31 09:04 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-08-31 08:55 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-31 08:55 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-08-31 08:55 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-08-31 08:52 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-31 08:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-31 08:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 12:30 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 00:54 984576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-07-13 05:01 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 20:05 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 20:05 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 20:04 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 20:04 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 20:04 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 20:04 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 20:04 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 20:04 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 20:04 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 20:04 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 20:04 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 20:04 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 20:04 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 20:04 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 20:04 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 20:04 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 20:04 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 20:04 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 20:04 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 20:04 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 13:57 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 13:57 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 13:57 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 12:30 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 19:01 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 19:01 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:53 89600 -r-hs---- C:\WINDOWS\system32\secrochg.exe
2007-06-13 15:53 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:53 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C9FE1F8-746F-4FF9-9D0B-60E6054D1003}]
C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [2004-01-13 23:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-31 21:05]
"DAEMON Tools"="f:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 20:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mandstck"=regbiabt.exe
"rtksw32"=C:\WINDOWS\system32\secrochg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya]
C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghefc]
hgghefc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^1.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1.exe
backup=C:\WINDOWS\pss\1.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2.exe
backup=C:\WINDOWS\pss\2.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^4.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4.exe
backup=C:\WINDOWS\pss\4.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^4.exe~]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4.exe~
backup=C:\WINDOWS\pss\4.exe~Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adlhidp]
C:\WINDOWS\system32\psncc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lcuise]
C:\WINDOWS\system32\eddesp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mandstck]
regbiabt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nbkarts]
C:\WINDOWS\system32\filsemd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtksw32]
C:\WINDOWS\system32\secrochg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trivisls]
C:\WINDOWS\system32\sdvlibswr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
f:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vtdlpse]
C:\WINDOWS\system32\vmddnst.exe

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys


Contents of the 'Scheduled Tasks' folder
2007-09-01 11:22:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 16:54:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 16:54:38
C:\ComboFix-quarantined-files.txt ... 2007-09-01 16:54

--- E O F ---



And my HijackThis log after the ComboFix process.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:31 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\internet explorer\iexplore.exe
c:\prbdnb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
F:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.88.231.28/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9C9FE1F8-746F-4FF9-9D0B-60E6054D1003} - C:\WINDOWS\system32\ddaya.dll (file missing)
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [mandstck] regbiabt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mandstck] regbiabt.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188536973268
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll (file missing)
O20 - Winlogon Notify: hgghefc - hgghefc.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 5282 bytes
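Comparing the two HijackThis logs above entry by entry shows what the first ComboFix pass actually changed. The following Python sketch is an added example, not part of the original posts or of either tool; the excerpted lines are copied from the two logs in this thread, and the function names `parse_autostarts` and `diff_autostarts` are illustrative.

```python
import re

# Autostart lines excerpted from the two HijackThis logs in this thread:
# 8/31/2007 (first post) and 9/1/2007 (after the first ComboFix run).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\hgghefc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rtksw32] C:\WINDOWS\system32\secrochg.exe
O4 - HKLM\..\Run: [mandstck] regbiabt.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O20 - Winlogon Notify: hgghefc - C:\WINDOWS\SYSTEM32\hgghefc.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\sktajpbb.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {9C9FE1F8-746F-4FF9-9D0B-60E6054D1003} - C:\WINDOWS\system32\ddaya.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [mandstck] regbiabt.exe (User 'SYSTEM')
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll (file missing)
O20 - Winlogon Notify: hgghefc - hgghefc.dll (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

# One pattern per autostart section; 'name' identifies the entry, 'target' is what it loads.
PATTERNS = [
    ("O2", re.compile(r"^O2 - BHO: .*? - (?P<name>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")),
    ("O4", re.compile(r"^O4 - (?P<loc>\S+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")),
    ("O20", re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")),
    # The vendor field may be empty ("DomainService - - C:\..."), so it is matched loosely.
    ("O23", re.compile(r"^O23 - Service: (?P<name>.+?) - .*?- (?P<target>[A-Za-z]:\\.+)$")),
]
# Trailing annotations HijackThis appends to a line.
SUFFIX = re.compile(r"\s+\((?:file missing|User '[^']*')\)$")


def parse_autostarts(log_text):
    """Return {(section, location, name): (target, file_missing)} for O2/O4/O20/O23 lines."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            target = m.group("target")
            missing = target.endswith("(file missing)")
            # Drop annotations so the same command compares equal across logs.
            while SUFFIX.search(target):
                target = SUFFIX.sub("", target)
            loc = m.groupdict().get("loc") or ""
            entries[(section, loc, m.group("name"))] = (target, missing)
            break
    return entries


def diff_autostarts(before, after):
    """Classify autostart entries that differ between two parsed logs."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = sorted(k for k in before
                     if k in after and before[k][0].lower() != after[k][0].lower())
    # Registry entries still present although the file they point to is gone.
    orphaned = sorted(k for k, (_, missing) in after.items() if missing)
    # A name that left one location but appears at another is still registered to start.
    relocated = sorted({k[2] for k in removed} & {k[2] for k in added})
    return {"removed": removed, "added": added, "changed": changed,
            "orphaned": orphaned, "relocated": relocated}


if __name__ == "__main__":
    report = diff_autostarts(parse_autostarts(LOG_BEFORE), parse_autostarts(LOG_AFTER))
    for kind, keys in report.items():
        print(kind)
        for key in keys:
            print("   ", key)
```

On these excerpts the diff reports `mandstck` as relocated: it is gone from `HKLM\..\Run`, but the second log lists it under `HKUS\S-1-5-18\..\Run`.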

#4 RichieUK (Malware Response Team)

Posted 01 September 2007 - 07:14 AM

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box.
* Click 'Save'.

Copy and paste ALL the following blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as type: 'All Files' / File name: CFScript, to your desktop.

File::
C:\jgmcknj.exe
C:\lxfvnm.exe
C:\msceqkix.exe
C:\sthgnm.exe
C:\prbdnb.exe
C:\WINDOWS\debgfrfd.exe
C:\WINDOWS\system32\sktajpbb.exe
C:\WINDOWS\system32\secrochg.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C9FE1F8-746F-4FF9-9D0B-60E6054D1003}]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mandstck"=-
"rtksw32"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghefc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adlhidp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lcuise]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mandstck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nbkarts]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtksw32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trivisls]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vtdlpse]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You’re running msconfig in Auto mode, which means that you may have selectively unchecked some items in the past from starting up with Windows.
This can be bad if they’re malware, so please re-enable those startup entries by doing the following:
Click on Start>Run, type msconfig and then press Enter.
When the ‘System Configuration Utility’ opens, click on the ‘Startup’ tab and make sure all the boxes are checkmarked.
Then press Apply/OK to exit the utility.
If it asks you to restart your PC, please don’t; it’s not necessary at this point.

Also post a new Hijackthis log please.
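A removal script like the CFScript above is easiest to review by checking that every target it names appears in the logs it was written from. The following Python sketch is an added example, not code from ComboFix or from the helper; the script and log excerpts are abridged from this thread, the misspelled path is constructed for the demonstration, and all function names are illustrative.

```python
import re

# Abridged from the CFScript posted above.
CFSCRIPT = r"""
File::
C:\jgmcknj.exe
C:\WINDOWS\debgfrfd.exe
C:\WINDOWS\system32\secrochg.exe

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mandstck"=-
"rtksw32"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vtdlpse]
"""

# Abridged from the ComboFix log in post #3 (file listings and Reg Loading Points).
COMBOFIX_LOG = r"""
2007-09-01 16:36 5,632 --a------ C:\jgmcknj.exe
2007-08-31 20:51 45,102 --a------ C:\WINDOWS\debgfrfd.exe
2007-06-13 15:53 89600 -r-hs---- C:\WINDOWS\system32\secrochg.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mandstck"=regbiabt.exe
"rtksw32"=C:\WINDOWS\system32\secrochg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya]
C:\WINDOWS\system32\ddaya.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vtdlpse]
C:\WINDOWS\system32\vmddnst.exe
"""

# Constructed variant: one file name mistyped, to show what the check catches.
TYPO_SCRIPT = CFSCRIPT.replace("secrochg.exe", "secrohcg.exe")

PATH_RX = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def parse_cfscript(text):
    """Return (files, key_deletes, value_deletes) from the File:: and Registry:: sections."""
    files, key_deletes, value_deletes = [], [], []
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            section, current_key = header.group(1).lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                key_deletes.append(line[2:-1])          # [-KEY] removes the whole key
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                # [KEY] opens a key for value edits
            else:
                value = re.fullmatch(r'"([^"]+)"=-', line)  # "name"=- removes one value
                if value and current_key:
                    value_deletes.append((current_key, value.group(1)))
    return files, key_deletes, value_deletes


def parse_evidence(log_text):
    """Collect lower-cased file paths, registry keys and (key, value) pairs seen in a log."""
    paths, keys, values = set(), set(), set()
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            keys.add(current_key)
            continue
        value = re.match(r'"([^"]+)"=', line)
        if value and current_key:
            values.add((current_key, value.group(1).lower()))
        # Any drive-letter path on the line counts as a sighting of that file.
        paths.update(p.lower() for p in PATH_RX.findall(line))
    return paths, keys, values


def unsupported_targets(script_text, log_text):
    """List script targets that no line of the log backs up."""
    files, key_deletes, value_deletes = parse_cfscript(script_text)
    paths, keys, values = parse_evidence(log_text)
    missing = [("file", f) for f in files if f.lower() not in paths]
    missing += [("key", k) for k in key_deletes if k.lower() not in keys]
    missing += [("value", k + "\\" + v) for k, v in value_deletes
                if (k.lower(), v.lower()) not in values]
    return missing


if __name__ == "__main__":
    print("posted script:", unsupported_targets(CFSCRIPT, COMBOFIX_LOG))
    print("typo variant: ", unsupported_targets(TYPO_SCRIPT, COMBOFIX_LOG))
```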

#5 RookieJerry (Topic Starter)

Posted 01 September 2007 - 08:29 AM

OK, here's the ComboFix log.


ComboFix 07-08-30.3 - "Jacob" 2007-09-01 18:54:11.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT 5.5:30]
* Created a new restore point

FILE::
C:\jgmcknj.exe
C:\lxfvnm.exe
C:\msceqkix.exe
C:\sthgnm.exe
C:\prbdnb.exe
C:\WINDOWS\debgfrfd.exe
C:\WINDOWS\system32\sktajpbb.exe
C:\WINDOWS\system32\secrochg.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\jgmcknj.exe
C:\msceqkix.exe
C:\prbdnb.exe
C:\sthgnm.exe
C:\Temp\fse
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\f03WtR


((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


2007-09-01 16:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 21:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Default
2007-08-31 21:14 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-31 21:11 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6285.sys
2007-08-31 21:11 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\dllcache\i2omgmt.sys
2007-08-31 21:07 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2007-08-31 21:07 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2007-08-31 21:07 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-08-31 18:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-31 17:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-31 15:11 <DIR> d-------- C:\DOCUME~1\Jacob\.housecall6.6
2007-08-31 14:15 16,368 --a------ C:\DOCUME~1\Jacob\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-08-31 14:12 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-31 14:11 <DIR> d-------- C:\WINDOWS\ShellNew
2007-08-31 13:46 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-31 13:46 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-31 13:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-31 11:47 <DIR> d-------- C:\Temp
2007-08-31 11:31 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-31 11:18 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-31 11:13 <DIR> d-------- C:\Program Files\Nero
2007-08-31 11:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-31 11:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-31 11:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-31 11:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-31 10:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-31 10:40 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-31 10:39 <DIR> d-------- C:\Program Files\MSBuild
2007-08-31 10:36 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-31 10:36 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-31 10:35 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-31 10:35 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-31 10:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-31 10:13 <DIR> d--hs---- C:\DOCUME~1\Jacob\UserData
2007-08-31 10:08 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-31 10:07 <DIR> d-------- C:\ATI
2007-08-31 09:58 <DIR> d--hs---- C:\Recycled
2007-08-31 09:44 <DIR> d-------- C:\WINDOWS\pss
2007-08-31 09:35 <DIR> d-------- C:\WINDOWS\A4W_DATA
2007-08-31 09:34 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-31 09:34 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-08-31 09:33 94,208 -ra------ C:\WINDOWS\system32\D064UUD.DLL
2007-08-31 09:33 323,644 -ra------ C:\WINDOWS\system32\UCS32P.DLL
2007-08-31 09:33 28,728 -ra------ C:\WINDOWS\system32\D064UCPL.DLL
2007-08-31 09:33 196,608 -ra------ C:\WINDOWS\system32\D064UFW.DLL
2007-08-31 09:33 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-31 09:33 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-31 09:33 <DIR> d-------- C:\DOCUME~1\Jacob\WINDOWS
2007-08-31 09:27 131,072 -ra------ C:\WINDOWS\system32\Epcmlib.dll
2007-08-31 09:27 <DIR> d-------- C:\WINDOWS\EPSON CardMonitor Essential
2007-08-31 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-08-31 09:26 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2007-08-31 09:26 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2007-08-31 09:26 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-08-31 09:26 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-08-31 09:26 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-08-31 09:26 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-31 09:26 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-31 09:26 <DIR> d-------- C:\WINDOWS\EPSON PhotoStarter Essential
2007-08-31 09:25 <DIR> d-------- C:\Program Files\EPSON
2007-08-31 09:22 74,752 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-08-31 09:22 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-08-31 09:19 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-31 09:18 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-08-31 09:18 <DIR> d-------- C:\Program Files\Realtek
2007-08-31 09:17 532,480 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-31 09:17 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-31 09:17 136,650 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-08-31 09:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-08-31 09:13 <DIR> d-------- C:\TempEI4
2007-08-31 09:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-31 09:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-08-31 09:05 43,520 --a------ C:\WINDOWS\system32\dllcache\admwprox.dll
2007-08-31 09:05 290,816 --a------ C:\WINDOWS\system32\dllcache\adsiis51.dll
2007-08-31 09:05 20,540 --a------ C:\WINDOWS\system32\dllcache\author.dll
2007-08-31 09:05 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2007-08-31 09:05 188,480 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2007-08-31 09:05 16,439 --a------ C:\WINDOWS\system32\dllcache\author.exe
2007-08-31 09:05 16,439 --a------ C:\WINDOWS\system32\dllcache\admin.exe
2007-08-31 09:05 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-08-31 09:05 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-08-31 09:04 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-08-31 08:55 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-31 08:55 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-08-31 08:55 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-08-31 08:52 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-31 08:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-31 08:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 12:30 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 00:54 984576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-07-13 05:01 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 20:05 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 20:05 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 20:04 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 20:04 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 20:04 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 20:04 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 20:04 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 20:04 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 20:04 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 20:04 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 20:04 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 20:04 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 20:04 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 20:04 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 20:04 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 20:04 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 20:04 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 20:04 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 20:04 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 20:04 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 13:57 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 13:57 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 13:57 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 12:30 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 19:01 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 19:01 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:53 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:53 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll


((((((((((((((((((((((((((((( snapshot_2007-09-01_165426.00 )))))))))))))))))))))))))))))))))))))))))

----a-w 19,968 2004-08-03 19:37:00 C:\WINDOWS\system32\find.exe
----a-w 37,888 2004-08-03 19:37:00 C:\WINDOWS\system32\findstr.exe

----a-w 9,216 2004-08-03 19:37:00 C:\WINDOWS\system32\find.exe
----a-w 27,136 2004-08-03 19:37:00 C:\WINDOWS\system32\findstr.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [2004-01-13 23:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-31 21:05]
"vtdlpse"="C:\WINDOWS\system32\vmddnst.exe" []
"TrojanScanner"="f:\Program Files\Trojan Remover\Trjscan.exe" []
"trivisls"="C:\WINDOWS\system32\sdvlibswr.exe" []
"rtksw32"="C:\WINDOWS\system32\secrochg.exe" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"nbkarts"="C:\WINDOWS\system32\filsemd.exe" []
"mandstck"="regbiabt.exe" []
"lcuise"="C:\WINDOWS\system32\eddesp.exe" []
"DAEMON Tools"="f:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 20:27]
"adlhidp"="C:\WINDOWS\system32\psncc32.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys


Contents of the 'Scheduled Tasks' folder
2007-09-01 13:23:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 18:54:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 18:55:24
C:\ComboFix-quarantined-files.txt ... 2007-09-01 18:55
C:\ComboFix3.txt ... 2007-09-01 16:54
C:\ComboFix2.txt ... 2007-09-01 18:52

--- E O F ---




And the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:31 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
F:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.88.231.28/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [vtdlpse] C:\WINDOWS\system32\vmddnst.exe
O4 - HKLM\..\Run: [TrojanScanner] f:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [trivisls] C:\WINDOWS\system32\sdvlibswr.exe
O4 - HKLM\..\Run: [rtksw32] C:\WINDOWS\system32\secrochg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nbkarts] C:\WINDOWS\system32\filsemd.exe
O4 - HKLM\..\Run: [mandstck] regbiabt.exe
O4 - HKLM\..\Run: [lcuise] C:\WINDOWS\system32\eddesp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [adlhidp] C:\WINDOWS\system32\psncc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: 4.exe~
O4 - Global Startup: 4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188536973268
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6048 bytes

#6 RichieUK

Posted 01 September 2007 - 10:14 AM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete:
C:\TempEI4
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4.exe

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [vtdlpse] C:\WINDOWS\system32\vmddnst.exe
O4 - HKLM\..\Run: [trivisls] C:\WINDOWS\system32\sdvlibswr.exe
O4 - HKLM\..\Run: [rtksw32] C:\WINDOWS\system32\secrochg.exe
O4 - HKLM\..\Run: [nbkarts] C:\WINDOWS\system32\filsemd.exe
O4 - HKLM\..\Run: [mandstck] regbiabt.exe
O4 - HKLM\..\Run: [adlhidp] C:\WINDOWS\system32\psncc32.exe
O4 - Global Startup: 4.exe~
O4 - Global Startup: 4.exe

Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new Hijackthis log.
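The saved report that the steps above ask for can be triaged mechanically rather than read row by row. The following is an added example, not part of the original post and not Dr.Web's own tooling: it assumes the four semicolon-separated fields (object; location; detection; action) seen in the report lines posted in this thread, and every sample row in it is constructed.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows in the layout assumed from this thread:
#   object;location;detection;action;
SAMPLE_REPORT = r"""
calc.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
calc.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
fltMc.exe;C:\WINDOWS\system32;Win32.Virut.5;Incurable.Moved.;
sample.tmp\data001;C:\WINDOWS\temp\sample.tmp;Trojan.DownLoader.31840;;
sample.tmp;C:\WINDOWS\temp;Archive contains infected objects;Moved.;
A0000001.exe;C:\System Volume Information\_restore{EXAMPLE}\RP1;Win32.Virut.5;Cured.;
example.sys;c:\windows\system32\drivers;Trojan.NtRootKit.319;Deleted.;
"""

# Windows XP keeps System Restore snapshots under this directory.
RESTORE_MARKER = "\\system volume information\\"


@dataclass(frozen=True)
class Finding:
    obj: str        # file name, or archive\member for objects inside a container
    location: str   # directory (or container path) the object was found in
    detection: str  # detection name, or a container status message
    action: str     # what the scanner did; may be empty


def parse_report(text):
    """Return (findings, skipped_lines); repeated identical rows are collapsed."""
    findings, skipped, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        # A usable row needs at least object, location, detection and action.
        if len(fields) < 4 or not fields[0] or not fields[2]:
            skipped.append(line)
            continue
        f = Finding(fields[0], fields[1], fields[2], fields[3].strip())
        key = (f.obj.lower(), f.location.lower(), f.detection, f.action)
        if key not in seen:
            seen.add(key)
            findings.append(f)
    return findings, skipped


def family(detection):
    """Drop a trailing numeric variant: 'Win32.Virut.5' -> 'Win32.Virut'."""
    parts = detection.split(".")
    if len(parts) > 1 and parts[-1].isdigit():
        parts = parts[:-1]
    return ".".join(parts)


def triage(findings):
    """Count detections per family and list rows that need manual follow-up."""
    by_family = Counter()
    follow_up = []
    for f in findings:
        # Assumption: a "detection" containing spaces is a container status
        # line (e.g. an archive summary), not a malware name.
        if " " not in f.detection:
            by_family[family(f.detection)] += 1
        if "incurable" in f.action.lower():
            # The original was moved to quarantine, so the file is now
            # missing from its location and needs a clean replacement.
            follow_up.append(("quarantined-original", f))
        if not f.action:
            # No action on this row; check the row for its container.
            follow_up.append(("no-action-recorded", f))
        if RESTORE_MARKER in f.location.lower() + "\\":
            # An infected copy sits inside a System Restore snapshot.
            follow_up.append(("restore-point-copy", f))
    return {"by_family": by_family, "follow_up": follow_up}


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    result = triage(found)
    for name, count in result["by_family"].most_common():
        print(f"{count:4d}  {name}")
    for reason, f in result["follow_up"]:
        print(f"{reason}: {f.location}\\{f.obj} ({f.detection})")
    if bad:
        print(f"{len(bad)} line(s) could not be parsed")
```

A file infector that dominates the per-family count across system directories, as Win32.Virut.5 does in this thread's report, is a different clean-up problem from a handful of dropped trojans, and the follow-up list shows which files still need attention after the scanner has finished.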

#7 RookieJerry

Posted 01 September 2007 - 02:01 PM

OK. The DrWeb scanning took almost 4 hours to finish.

Here are the contents of DrWeb.csv


avgamsvr.exe;c:\program files\grisoft\avg7;Win32.Virut.5;Cured.;
avgamsvr.exe;c:\program files\grisoft\avg7;Win32.Virut.5;Cured.;
avgcc.exe;c:\program files\grisoft\avg7;Win32.Virut.5;Cured.;
avgemc.exe;c:\program files\grisoft\avg7;Win32.Virut.5;Cured.;
avgupsvc.exe;c:\program files\grisoft\avg7;Win32.Virut.5;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.5;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.5;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.5;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.5;Cured.;
alg.exe;c:\windows\system32;Win32.Virut.5;Cured.;
ip6fw.sys;c:\windows\system32\drivers;Trojan.NtRootKit.319;Deleted.;
imapi.exe;c:\windows\system32;Win32.Virut.5;Cured.;
logonui.exe;c:\windows\system32;Win32.Virut.5;Cured.;
rundll32.exe;c:\windows\system32;Win32.Virut.5;Cured.;
msceqkix.exe;C:\;Trojan.Packed.155;Deleted.;
sthgnm.exe;C:\;Trojan.Packed.155;Deleted.;
prbdnb.exe;C:\;BackDoor.Bulknet.61;Deleted.;
jgmcknj.exe;C:\;Trojan.DownLoader.29468;Deleted.;
regedit.exe;C:\WINDOWS;Win32.Virut.5;Cured.;
hh.exe;C:\WINDOWS;Win32.Virut.5;Cured.;
attrib.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
find.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
utilman.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
wupdmgr.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
cmd.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
findstr.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
magnify.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
magnify.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
narrator.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
osk.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
wscntfy.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
calc.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
calc.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
fltMc.exe;C:\WINDOWS\system32;Win32.Virut.5;Incurable.Moved.;
verclsid.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
verclsid.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
verclsid.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
regbiabt.exe~;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
regbiabt.exe~;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
telnet.exe;C:\WINDOWS\system32;Win32.Virut.5;Cured.;
dl[1].exe\data001;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YJF5HYT\dl[1].exe;Trojan.DownLoader.31840;;
dl[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YJF5HYT;Archive contains infected objects;Moved.;
adv735[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DBRVTL7T;Trojan.DownLoader.31868;Deleted.;
wmiprvse.exe;C:\WINDOWS\system32\wbem;Win32.Virut.5;Cured.;
migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.5;Cured.;
migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.5;Cured.;
agentsvr.exe;C:\WINDOWS\msagent;Win32.Virut.5;Cured.;
VRR1C.tmp\data001;C:\WINDOWS\temp\VRR1C.tmp;Trojan.DownLoader.31840;;
VRR1C.tmp;C:\WINDOWS\temp;Archive contains infected objects;Moved.;
VRR3.tmp\data001;C:\WINDOWS\temp\VRR3.tmp;Trojan.DownLoader.31840;;
VRR3.tmp;C:\WINDOWS\temp;Archive contains infected objects;Moved.;
VRR1.tmp;C:\WINDOWS\temp;Trojan.DownLoader.31868;Deleted.;
VRR2.tmp\data001;C:\WINDOWS\temp\VRR2.tmp;Trojan.DownLoader.31840;;
VRR2.tmp;C:\WINDOWS\temp;Archive contains infected objects;Moved.;
107671.exe;C:\WINDOWS\temp;BackDoor.Bulknet;Deleted.;
VRR5.tmp\data001;C:\WINDOWS\temp\VRR5.tmp;Trojan.DownLoader.31840;;
VRR5.tmp;C:\WINDOWS\temp;Archive contains infected objects;Moved.;
opwicon.exe;C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9};Win32.Virut.5;Cured.;
opwicon.exe;C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9};Win32.Virut.5;Cured.;
73671.exe;C:\Documents and Settings\Jacob\Local Settings\Temp;BackDoor.Bulknet;Deleted.;
310031.exe;C:\Documents and Settings\Jacob\Local Settings\Temp;BackDoor.Bulknet;Deleted.;
NeroScoutOptions.exe;C:\Program Files\Common Files\Ahead\Lib;Win32.Virut.5;Cured.;
NMIndexStoreSvr.exe;C:\Program Files\Common Files\Ahead\Lib;Win32.Virut.5;Cured.;
NMIndexStoreSvr.exe;C:\Program Files\Common Files\Ahead\Lib;Win32.Virut.5;Cured.;
NMIndexStoreSvr.exe;C:\Program Files\Common Files\Ahead\Lib;Win32.Virut.5;Cured.;
NMIndexStoreSvr.exe;C:\Program Files\Common Files\Ahead\Lib;Win32.Virut.5;Cured.;
NMIndexStoreSvr.exe;C:\Program Files\Common Files\Ahead\Lib;Win32.Virut.5;Cured.;
SetupX.exe;C:\Program Files\Common Files\Ahead\Nero Web;Win32.Virut.5;Cured.;
setup_wm.exe;C:\Program Files\Windows Media Player;Win32.Virut.5;Cured.;
iexplore.exe.tmp;C:\Program Files\Internet Explorer;Win32.Virut.5;Incurable.Moved.;
iexplore.exe;C:\Program Files\Internet Explorer;Win32.Virut.5;Cured.;
msimn.exe;C:\Program Files\Outlook Express;Win32.Virut.5;Cured.;
wab.exe;C:\Program Files\Outlook Express;Win32.Virut.5;Cured.;
avgvv.exe;C:\Program Files\Grisoft\AVG7;Win32.Virut.5;Cured.;
setup.exe;C:\Program Files\Grisoft\AVG7;Win32.Virut.5;Cured.;
setup.exe;C:\Program Files\Grisoft\AVG7;Win32.Virut.5;Cured.;
nero.exe;C:\Program Files\Nero\Nero 7\Core;Win32.Virut.5;Cured.;
CoverDes.exe;C:\Program Files\Nero\Nero 7\Nero CoverDesigner;Win32.Virut.5;Cured.;
CDSpeed.exe;C:\Program Files\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
CDSpeed.exe;C:\Program Files\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
CDSpeed.exe;C:\Program Files\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
DriveSpeed.exe;C:\Program Files\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
InfoTool.exe;C:\Program Files\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
A0005665.sys;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Trojan.NtRootKit.319;Deleted.;
A0005666.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Trojan.DownLoader.29468;Deleted.;
A0005667.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Trojan.Packed.155;Deleted.;
A0005668.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Trojan.Packed.155;Deleted.;
A0005669.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;BackDoor.Bulknet.61;Deleted.;
A0005670.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Trojan.DownLoader.24715;Deleted.;
A0005694.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Trojan.StartPage.20448;Deleted.;
A0009853.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009853.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009853.exe;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005747.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005747.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005747.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005753.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005754.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005754.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0005757.EXE;C:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
fifa2005.exe;E:\fifa crck img\Crack-05;Win32.Virut.5;Cured.;
fifa07.exe;E:\fifa crck img\Crack-07;Win32.Virut.5;Cured.;
gfxpak.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches;Win32.Virut.5;Cured.;
gfxpak.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches;Win32.Virut.5;Cured.;
gfxpak.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches;Win32.Virut.5;Cured.;
wimpditt.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches;Win32.Virut.5;Cured.;
wimpditt.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches;Win32.Virut.5;Cured.;
Ballselector.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches\Ball Selector;Win32.Virut.5;Cured.;
Ballselector.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches\Ball Selector;Win32.Virut.5;Cured.;
Ballselector.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches\Ball Selector;Win32.Virut.5;Cured.;
gfxpak.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches\Ball Selector;Win32.Virut.5;Cured.;
gfxpak.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Jerry\EA SPORTS\patches\Ball Selector;Win32.Virut.5;Cured.;
Download_trial_setup_010206.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\S.J. worksite\Lakeshore Hospital , Ernakulam,location_files;Win32.Virut.5;Cured.;
SwishMax.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Swish;Win32.Virut.5;Cured.;
SwishMax.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Swish;Win32.Virut.5;Cured.;
SwishMax.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Swish;Win32.Virut.5;Cured.;
SWiSHpla.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Swish;Win32.Virut.5;Cured.;
SWiSHpla.exe;E:\JITHIN\URGENT BAKUP 2-7-0006JKJ & KKJ\Swish;Win32.Virut.5;Cured.;
PDFBrand.exe;E:\KKjacob\JB's Net;Win32.Virut.5;Cured.;
PDFBrand.exe;E:\KKjacob\JB's Net;Win32.Virut.5;Cured.;
CamAudioEditor.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamDiag.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamMenuMaker.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamMenuMaker.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamMenuMaker.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamMenuPlayer.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamPlay.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamRecorder.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamRecorder.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamRecorder.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamtasiaStudio.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamtasiaStudio.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamtasiaStudio.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamTheater.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
Recovery.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
Recovery.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
Recovery.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
Setup_EnSharpen_Decoder.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
TscHelp.exe;E:\KKjacob\JB's Net\CAMTASIA installed;Win32.Virut.5;Cured.;
CamAudioEditor.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamAudioEditor.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamDiag.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamMenuMaker.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamMenuMaker.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamMenuPlayer.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamMenuPlayer.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamPlay.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamPlay.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamRecorder.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamRecorder.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamRecorder.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamtasiaStudio.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamTheater.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamTheater.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
CamTheater.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
Recovery.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
Setup_EnSharpen_Decoder.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
Setup_EnSharpen_Decoder.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
TscHelp.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
TscHelp.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
TscHelp.exe;E:\KKjacob\JB's Net\Camtasia Installer Package;Win32.Virut.5;Cured.;
PDFBrand.exe;E:\KKjacob\JB's Net\PDFs;Win32.Virut.5;Cured.;
PDFBrand.exe;E:\KKjacob\JB's Net\PDFs;Win32.Virut.5;Cured.;
AppCloserProject.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
AppCloserProject.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
pdftotext.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
pdftotext.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
TAForIEBroker.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
TAForIEBroker.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
TextAloudMP3.exe;E:\KKjacob\JB's Net\Text Aloud\Text aloud installed\TextAloud;Win32.Virut.5;Cured.;
Frogpult.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Frogpult.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Frogpult.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Full_Felix2.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Full_Felix2.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
GSUMMER.EXE;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
OPERABUSHAEROBICS.EXE;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Pink Panther.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Pink Panther.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
Pink Panther.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
rockies_sunset.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
SnowboarderXSDemo.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
SnowboarderXSDemo.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
SnowboarderXSDemo.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
STRESS1.EXE;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
STRESS1.EXE;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
STRESS1.EXE;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Joke.Puncher;Incurable.Moved.;
TOYSEL32.EXE;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
vertigolfDemo.exe;E:\KKjacob\Sathyabama\Placement\aptitude questions\Gmzz;Win32.Virut.5;Cured.;
A0009951.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009952.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009953.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009953.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009953.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009954.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009954.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009955.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009955.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009955.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009956.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009956.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009957.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009958.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009958.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009958.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009959.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009959.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009960.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009960.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009961.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009962.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009963.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009963.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009963.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009964.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009965.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009966.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009966.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009966.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009967.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009967.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009967.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009968.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009969.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009969.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009969.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009970.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009971.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009972.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009972.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009973.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009974.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009974.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009975.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009975.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009976.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009976.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009977.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009977.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009977.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009978.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009979.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009979.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009979.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009980.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009981.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009981.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009982.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009982.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009982.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009983.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009983.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009984.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009984.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009985.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009985.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009986.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009986.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009987.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009988.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009988.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009988.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009989.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009989.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009990.EXE;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009991.EXE;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009992.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009992.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009992.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009993.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009994.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009994.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009994.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009995.EXE;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009995.EXE;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009995.EXE;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Joke.Puncher;Incurable.Moved.;
A0009996.EXE;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
A0009997.exe;E:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
fifa05nocd.exe;E:\ZIP-FIFA;Win32.Virut.5;Cured.;
fifa05nocd.exe;E:\ZIP-FIFA;Win32.Virut.5;Cured.;
A0004810.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004811.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004811.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004811.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004811.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004811.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004812.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004812.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004812.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004813.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004813.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0004815.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP42;Win32.Virut.5;Cured.;
A0005046.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005074.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005074.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005075.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005075.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005089.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005090.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005091.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005091.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005123.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005123.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005317.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP50;Win32.Virut.5;Cured.;
A0005748.exe;F:\System Volume Information\_restore{DF835465-9E0E-472F-9A09-91BF6620CF95}\RP54;Win32.Virut.5;Cured.;
WinRAR.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
RarExtLoader.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
RarExtLoader.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
RarExtLoader.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
Patch.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
Patch.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
Patch.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
WinRar3.11_crack_by_Nidhi.exe;F:\Program Files\WinRAR;Win32.Virut.5;Cured.;
UNWISE.EXE;F:\Program Files\Yahoo!\Messenger;Win32.Virut.5;Cured.;
firefox.exe;F:\Program Files\Mozilla Firefox;Win32.Virut.5;Cured.;
firefox.exe;F:\Program Files\Mozilla Firefox;Win32.Virut.5;Cured.;
updater.exe;F:\Program Files\Mozilla Firefox;Win32.Virut.5;Cured.;
xpicleanup.exe;F:\Program Files\Mozilla Firefox;Win32.Virut.5;Cured.;
talkback.exe;F:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components;Win32.Virut.5;Cured.;
daemon.exe;F:\Program Files\D-Tools;Win32.Virut.5;Cured.;
Photoshop.exe;F:\Program Files\Adobe\Photoshop 7.0;Win32.Virut.5;Cured.;
ImageReady.exe;F:\Program Files\Adobe\Photoshop 7.0;Win32.Virut.5;Cured.;
Droplet Template.exe;F:\Program Files\Adobe\Photoshop 7.0\Required;Win32.Virut.5;Cured.;
Constrain 350, Make JPG 30.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Constrain 350, Make JPG 30.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Constrain to 200x200 pixels.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Constrain to 200x200 pixels.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Constrain to 64X64 pixels.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Constrain to 64X64 pixels.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make Button.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make GIF (128 colors).exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make GIF (32, no dither).exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make GIF (64 colors).exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make GIF (64 colors).exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make JPEG (quality 10).exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Make JPEG (quality 60).exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Multi-Size Save.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Multi-Size Save.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Unsharp Mask.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
Unsharp Mask.exe;F:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets;Win32.Virut.5;Cured.;
mplayerc.exe;F:\Program Files\Combined Community Codec Pack\MPC;Win32.Virut.5;Cured.;
DefaultSettings.exe;F:\Program Files\Combined Community Codec Pack\Zoomplayer;Win32.Virut.5;Cured.;
zplayer.exe;F:\Program Files\Combined Community Codec Pack\Zoomplayer;Win32.Virut.5;Cured.;
QTInfo.exe;F:\Program Files\QuickTime;Win32.Virut.5;Cured.;
QTInfo.exe;F:\Program Files\QuickTime;Win32.Virut.5;Cured.;
PictureViewer.exe;F:\Program Files\QuickTime;Win32.Virut.5;Cured.;
PictureViewer.exe;F:\Program Files\QuickTime;Win32.Virut.5;Cured.;
qttask.exe;F:\Program Files\QuickTime;Win32.Virut.5;Cured.;
QuickTimeUpdateHelper.exe;F:\Program Files\QuickTime\QTSystem;Win32.Virut.5;Cured.;
QuickTimeUpdateHelper.exe;F:\Program Files\QuickTime\QTSystem;Win32.Virut.5;Cured.;
ExportController.exe;F:\Program Files\QuickTime\QTSystem;Win32.Virut.5;Cured.;
Simpsons.exe;F:\the Simpson- Hit n Run;Win32.Virut.5;Cured.;
pztrain.exe;F:\the Simpson- Hit n Run;Win32.Virut.5;Cured.;
eauninstall.exe;F:\Need for Speed Most Wanted;Win32.Virut.5;Cured.;
speed.exe;F:\Need for Speed Most Wanted;Win32.Virut.5;Cured.;
shell_inst.exe;F:\Need for Speed Most Wanted;Win32.Virut.5;Cured.;
shell_inst.exe;F:\Need for Speed Most Wanted;Win32.Virut.5;Cured.;
safemode_inst.exe;F:\Need for Speed Most Wanted;Win32.Virut.5;Cured.;
EReg.exe;F:\Need for Speed Most Wanted\Support;Win32.Virut.5;Cured.;
EReg.exe;F:\Need for Speed Most Wanted\Support;Win32.Virut.5;Cured.;
EasyInfo.exe;F:\Need for Speed Most Wanted\Support;Win32.Virut.5;Cured.;
EasyInfo.exe;F:\Need for Speed Most Wanted\Support;Win32.Virut.5;Cured.;
Need for Speed Most Wanted_code.exe;F:\Need for Speed Most Wanted\Support;Win32.Virut.5;Cured.;
Need for Speed Most Wanted_uninst.exe;F:\Need for Speed Most Wanted\Support;Win32.Virut.5;Cured.;
setup.exe;F:\Need for Speed Most Wanted\NFSMW_Mega Trainer;Win32.Virut.5;Cured.;
setup.exe;F:\Need for Speed Most Wanted\NFSMW_Shopspezial\ShopSpezial1;Win32.Virut.5;Cured.;
SaveEditor.exe;F:\Need for Speed Most Wanted\NFSMW_Shopspezial\NFS Most Wanted - Save Editor;Win32.Virut.5;Cured.;
RegClean.exe;F:\Temp;Win32.Virut.5;Cured.;
RegClean.exe;F:\Temp;Win32.Virut.5;Cured.;
RegClean.exe;F:\Temp;Win32.Virut.5;Cured.;
Youtube Grabber.exe;F:\YoutubeGrabber;Win32.Virut.5;Cured.;
NeroStartSmart.exe;F:\Nero\Nero 7\Nero StartSmart;Win32.Virut.5;Cured.;
nero.exe;F:\Nero\Nero 7\Core;Win32.Virut.5;Cured.;
nero.exe;F:\Nero\Nero 7\Core;Win32.Virut.5;Cured.;
NeroCmd.exe;F:\Nero\Nero 7\Core;Win32.Virut.5;Cured.;
CoverDes.exe;F:\Nero\Nero 7\Nero CoverDesigner;Win32.Virut.5;Cured.;
CoverDes.exe;F:\Nero\Nero 7\Nero CoverDesigner;Win32.Virut.5;Cured.;
UNNERO.exe;F:\Nero\Nero 7\Nero\Uninstall;Win32.Virut.5;Cured.;
UNNERO.exe;F:\Nero\Nero 7\Nero\Uninstall;Win32.Virut.5;Cured.;
DXEnum.exe;F:\Nero\Nero 7\Nero WaveEditor;Win32.Virut.5;Cured.;
waveedit.exe;F:\Nero\Nero 7\Nero WaveEditor;Win32.Virut.5;Cured.;
waveedit.exe;F:\Nero\Nero 7\Nero WaveEditor;Win32.Virut.5;Cured.;
SoundTrax.exe;F:\Nero\Nero 7\Nero SoundTrax;Win32.Virut.5;Cured.;
NeroBurnRights.exe;F:\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
CDSpeed.exe;F:\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
CDSpeed.exe;F:\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
InfoTool.exe;F:\Nero\Nero 7\Nero Toolkit;Win32.Virut.5;Cured.;
ImageDrive.exe;F:\Nero\Nero 7\Nero ImageDrive;Win32.Virut.5;Cured.;

And HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:10 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\devldr32.exe
F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
F:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.88.231.28/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] f:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lcuise] C:\WINDOWS\system32\eddesp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188536973268
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS4\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 5670 bytes

#8 RichieUK

Posted 01 September 2007 - 02:24 PM

Make sure Windows Defender's real-time protection is still disabled, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section, have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished.


Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [lcuise] C:\WINDOWS\system32\eddesp.exe


Restart your pc.
Post a new Hijackthis log.
Let me know how your pc is running now.

#9 RookieJerry


Posted 01 September 2007 - 10:49 PM

Thanks a million. Now all the popups and error messages stopped. But now when I try to open Task Manager it shows that
"Task Manager has been disabled by your administrator." But my account is an administrator account.

And also at the startup of the desktop an "AVG Antivirus System" dialog box appears.
It shows "Application cannot run due to an error while verifying its electronic certificate."

Other than these problems I think everything is back to normal. Could you also suggest some essential firewall, antivirus and other programs for protecting my PC? Thank you.

Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:32 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.88.231.28/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] f:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188536973268
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS4\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 5431 bytes
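
The before/after comparison that posts #8 and #9 depend on (did the "Fix checked" items actually disappear, and did anything new appear) can be done mechanically. The following is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample input is a handful of entries excerpted from the two logs above.

```python
import re
from collections import namedtuple

# One log entry: section code ("O4", "R0", ...) and the text after " - ".
Entry = namedtuple("Entry", "code body")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Collect the R*/O* entry lines; header and process-path lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries between two scans, sorted by section."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def still_present(requested, after):
    """Entries the helper asked to fix that survive in the later scan."""
    return sorted(parse_entries(requested) & parse_entries(after))

def name_servers(log_text):
    """Distinct DNS servers from O17 entries, for checking against the ISP."""
    ips = set()
    for e in parse_entries(log_text):
        if e.code == "O17" and "NameServer = " in e.body:
            value = e.body.split("NameServer = ", 1)[1]
            ips.update(ip.strip() for ip in value.split(",") if ip.strip())
    return sorted(ips)

# Sample input: a few entries excerpted from the two logs in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lcuise] C:\WINDOWS\system32\eddesp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
"""
# The two lines post #8 asked to be fixed.
FIX_REQUESTED = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [lcuise] C:\WINDOWS\system32\eddesp.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.body)
    for e in added:
        print("added:  ", e.code, "-", e.body)
    print("fix items still present:", still_present(FIX_REQUESTED, AFTER))
    print("DNS servers to confirm with the ISP:", name_servers(AFTER))
```
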

#10 RichieUK


Posted 02 September 2007 - 06:00 AM

"Task Manager has been disabled by your administrator." But my account is an administrator account.

Task Manager has been disabled by your administrator:
http://windowsxp.mvps.org/Taskmanager_error.htm

Do you know/recognise the IP or Domain 218.248.255.145 / 61.1.96.70?
If you're not sure check with your ISP.

This is the info I have found:
Bharat Sanchar Nigam Limited
8th Floor,148-B Statesman House
Barakhamba Road, New Delhi

And also at the startup of the desktop an "AVG Antivirus System" Dialog box appears.
It shows " Application cannot run due to an error while verifying its electronic certificate. "

Download AVG7 Free Edition Antivirus from here:
http://free.grisoft.com/doc/2/

Disconnect from the internet.
Click on Start/Control Panel/Add or Remove Programs and remove/uninstall AVG7 Antivirus, then reboot.
Now reinstall the program.

Post a new Hijackthis log.

#11 RookieJerry


Posted 02 September 2007 - 06:38 AM

OK. The steps you provided resolved all my errors and viruses. Thank you.

The IP was given by my ISP - BSNL.

I would really appreciate it if you could suggest the recommended firewall and antivirus applications for my PC.

HijackThis log after all errors.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:33 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
f:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
f:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
f:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.88.231.28/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] f:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] f:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] f:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] f:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] f:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] f:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188536973268
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O17 - HKLM\System\CS4\Services\Tcpip\..\{1F585252-DB27-41B0-8478-EA18E7F383B3}: NameServer = 218.248.255.145,61.1.96.70
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - f:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - f:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - f:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 5653 bytes

#12 RichieUK


Posted 02 September 2007 - 08:03 AM

I would really appreciate it if you could suggest the recommended firewall and antivirus applications for my PC.

With you having Service Pack 2 installed I'm presuming you're using the Windows Firewall.
If you're not using Windows Firewall, or you require a more robust third party firewall, then download\install one of the following freeware choices:

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

You may want to read the following.
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

As for antivirus applications, in my opinion you already have the best freeware program installed in AVG7.

If you want one of the best antivirus programs out there [not free], try the 30 day free trial version of Kaspersky Anti-Virus 7.0.
If you want to go the whole hog try the 30 day free trial version of Kaspersky Internet Security 7.0, they're both available from the link below:
http://www.kaspersky.com/trials


Your log is clean :thumbsup:
If all's ok,please do the following.

Find and delete:
Combofix.exe
C:\Qoobox
C:\Documents and Settings\userprofile\DoctorWeb\Quarantine <= Delete everything inside this folder, then empty the Recycle Bin if necessary.

Enable Windows Defender's real-time protection.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html