
Trojan and Rogue software on my PC


13 replies to this topic

#1 gotuf33nin


Posted 12 February 2009 - 09:40 PM

I have run SUPERAnti-Spyware multiple times attempting to update the definitions but for some reason it won't let me. On top of that, I've tried to scan and remove the threats in safe mode but every time I get to the quarantine process SAS freezes on me. Ad-aware and AVG won't update either. I downloaded Malwarebytes Anti-Malware and it gave me run-time errors, so it won't even open the program. I think the only program I've been able to run is ATF-Cleaner. Please help me with this, here goes a log from DDS and the attachment. Thank you in advance.



DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 21:29:12.42 on Thu 02/12/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.122 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mWinlogon: System=kdtvy.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\user\iwckkuk.exe \s
EB: SpeedRunner Bar: {cafb2180-ba09-11dc-95ff-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [services] c:\windows\services.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [c:\windows\system32\kdtvy.exe] c:\windows\system32\kdtvy.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [services] c:\windows\services.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [tjbqoizj.exe] c:\windows\tjbqoizj.exe
dRun: [lfwartah.exe] c:\windows\lfwartah.exe
dRun: [services] c:\windows\services.exe
dRun: [phnwfqzq.exe] c:\windows\phnwfqzq.exe
uExplorerRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?AuthParam=1224873474_e2b63219bf774a0c6616b986c97bf457&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab&File=jinstall-6u10-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
TCP: {93102C86-0C78-44A1-B9F2-B55843AC81A3} = 85.255.112.113;85.255.112.73
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: hgGvtsts - hgGvtsts.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C8955} - No File
SEH: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\HGGVTSTS.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJdeBqo

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-5 64160]
R0 nbqruocx;nbqruocx;c:\windows\system32\drivers\nbqruocx.sys [2009-2-6 33920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-10 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-10 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-10 107272]
R1 nfr.sys;nfr.sys;c:\windows\system32\drivers\nfr.sys [2009-2-3 11392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-10 231704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S1 ethoigwl;ethoigwl;c:\windows\system32\drivers\ethoigwl.sys [2009-2-11 136992]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-10 875288]
S2 Logical Disk Manager (NDIS);Logical Disk Manager (NDIS);c:\program files\system\smss.exe --> c:\program files\system\smss.exe [?]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 80896]

=============== Created Last 30 ================

2009-02-12 15:02 74 a------- c:\windows\file.bat
2009-02-11 23:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-11 23:50 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-11 23:50 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-02-11 23:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-11 22:39 24,577 a------- c:\windows\system32\1A.tmp
2009-02-11 22:38 0 a------- c:\windows\system32\19.tmp
2009-02-11 22:38 128 a------- c:\windows\system32\18.tmp
2009-02-11 22:36 3,584 a------- c:\windows\phnwfqzq.exe
2009-02-11 22:36 24,577 a------- c:\windows\system32\16.tmp
2009-02-11 22:36 110,080 -------- c:\windows\system32\17.tmp
2009-02-11 22:33 163,364 a------- c:\windows\system32\15.tmp
2009-02-11 22:33 128 a------- c:\windows\system32\14.tmp
2009-02-11 19:30 31,744 a---h--- c:\documents and settings\user\iwckkuk.exe
2009-02-11 19:30 41,473 a------- c:\windows\services.exe
2009-02-11 19:30 164,708 a------- c:\windows\system32\13.tmp
2009-02-11 19:30 128 a------- c:\windows\system32\12.tmp
2009-02-11 19:10 110,080 -------- c:\windows\system32\11.tmp
2009-02-11 19:10 24,577 a------- c:\windows\system32\10.tmp
2009-02-11 19:07 164,708 a------- c:\windows\system32\F.tmp
2009-02-11 19:07 128 a------- c:\windows\system32\E.tmp
2009-02-11 18:35 136,992 a------- c:\windows\system32\drivers\ethoigwl.sys
2009-02-11 18:32 163,652 a------- c:\windows\system32\D.tmp
2009-02-11 18:32 128 a------- c:\windows\system32\C.tmp
2009-02-11 18:08 <DIR> --d----- c:\program files\AVGUPD
2009-02-10 19:11 162,816 a------- c:\windows\system32\B.tmp
2009-02-10 19:10 88 a------- c:\windows\system32\A.tmp
2009-02-10 15:49 162,816 a------- c:\windows\system32\8.tmp
2009-02-10 15:49 88 a------- c:\windows\system32\7.tmp
2009-02-10 15:22 614,400 -------- c:\windows\system32\ati2sgag.exe
2009-02-10 15:21 <DIR> --d----- c:\program files\ATI Technologies
2009-02-10 15:20 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-10 14:55 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-10 14:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-10 14:55 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-10 14:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-10 14:55 <DIR> --d----- c:\program files\AVG
2009-02-10 14:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-10 14:02 <DIR> --d----- c:\program files\Trend Micro
2009-02-10 14:00 163,652 a------- c:\windows\system32\9.tmp
2009-02-10 14:00 128 a------- c:\windows\system32\3.tmp
2009-02-09 17:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-02-08 22:29 10 a------- c:\windows\WININIT.INI
2009-02-08 13:53 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-08 04:04 0 a------- c:\windows\system32\6.tmp
2009-02-08 04:03 0 a------- c:\windows\system32\5.tmp
2009-02-08 04:03 0 a------- c:\windows\system32\4.tmp
2009-02-08 04:03 172 a------- c:\windows\system32\2.tmp
2009-02-08 03:29 2,126 a------- c:\windows\system32\wpa.dbl
2009-02-06 17:42 33,920 a------- c:\windows\system32\drivers\nbqruocx.sys
2009-02-06 00:22 32,256 a---h--- c:\documents and settings\user\dpnebq.exe
2009-02-06 00:22 67,072 ----h--- c:\windows\system32\secupdat.dat
2009-02-05 22:32 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-02-05 22:29 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83718885-58AE-4D28-9F68-77AF048ADA06}
2009-02-05 21:59 1,558,506 a--sh--- c:\windows\system32\atbdooct.ini
2009-02-05 20:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-05 20:16 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 19:26 6 a------- c:\windows\_id.dat
2009-02-05 19:26 130 a------- c:\windows\adobe.bat
2009-02-05 19:26 53,248 a------- c:\windows\system32\drivers\ndisio.sys
2009-02-03 20:15 2 a------- C:\-257235269
2009-02-03 20:15 <DIR> --d----- c:\program files\Microsoft Common
2009-02-03 19:28 11,392 a------- c:\windows\system32\drivers\nfr.sys
2009-02-03 19:11 41,472 a------- c:\windows\system32\stu2.exe
2009-02-03 12:12 1,518,121 a--sh--- c:\windows\system32\joxiwjdp.ini
2009-02-02 19:56 <DIR> --dsh--- c:\windows\TWlsbGllIFJvYg
2009-02-02 07:54 1,464,754 ---sh--- c:\windows\system32\ykknwwmr.ini
2009-02-01 07:57 1,464,294 ---sh--- c:\windows\system32\odnruqrx.ini
2009-01-31 07:57 1,464,294 ---sh--- c:\windows\system32\ppxmanfs.ini
2009-01-30 07:57 1,515,355 a--sh--- c:\windows\system32\dwxapixl.ini
2009-01-29 07:57 1,515,358 ---sh--- c:\windows\system32\rapcpkiw.ini
2009-01-28 23:17 <DIR> --d----- c:\docume~1\user\applic~1\alot
2009-01-28 07:53 1,517,436 a--sh--- c:\windows\system32\jffgebkm.ini
2009-01-27 07:53 1,514,984 ---sh--- c:\windows\system32\qkgqovlo.ini
2009-01-25 22:08 1,434,061 ---sh--- c:\windows\system32\uuniwyjx.ini
2009-01-25 21:05 1,434,061 ---sh--- c:\windows\system32\thcwirpq.ini
2009-01-24 21:04 1,434,070 a--sh--- c:\windows\system32\ciefsyws.ini
2009-01-24 16:25 <DIR> --d----- c:\program files\WebShow
2009-01-24 16:20 <DIR> --d----- c:\program files\Mjcore
2009-01-24 14:00 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-01-24 14:00 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-24 14:00 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-01-24 14:00 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-01-24 13:41 <DIR> --d----- c:\program files\Yahoo!
2009-01-23 21:08 1,434,061 a--sh--- c:\windows\system32\gmvgdqch.ini
2009-01-23 15:42 5,632 a------- c:\windows\system32\ptpusb.dll
2009-01-23 15:42 159,232 a------- c:\windows\system32\ptpusd.dll
2009-01-23 15:42 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-22 21:26 1,434,061 a--sh--- c:\windows\system32\bgkdpbgy.ini
2009-01-21 21:02 1,434,061 ---sh--- c:\windows\system32\ntjhfrsd.ini
2009-01-21 12:41 1,434,061 ---sh--- c:\windows\system32\uffxtmiq.ini
2009-01-20 12:38 1,432,799 a--sh--- c:\windows\system32\ivfqclmh.ini
2009-01-19 12:39 1,403,021 ---sh--- c:\windows\system32\ssxrmdae.ini
2009-01-19 01:39 1,403,021 ---sh--- c:\windows\system32\npbioxqv.ini
2009-01-18 01:36 1,403,021 a--sh--- c:\windows\system32\gjakdmha.ini
2009-01-17 14:02 1,403,017 ---sh--- c:\windows\system32\qonqsfpe.ini
2009-01-15 16:15 1,380,362 a--sh--- c:\windows\system32\avuackwa.ini
2009-01-14 16:14 1,380,362 ---sh--- c:\windows\system32\vwmqtara.ini

==================== Find3M ====================

2009-02-09 15:23 90,112 a------- c:\windows\DUMP3db4.tmp
2009-02-06 18:57 712,488 a--sh--- c:\windows\system32\oqBedJlm.ini2
2008-12-07 23:16 864,578 a--sh--- c:\windows\system32\FLTuCfhk.ini2
2008-12-05 22:53 784 a------- c:\docume~1\user\applic~1\mpauth.dat
2008-12-02 10:29 867,891 a--sh--- c:\windows\system32\NVCLlnpo.ini2
2008-12-02 10:29 865,286 a--sh--- c:\windows\system32\nWHjPXyb.ini2
2008-12-02 10:29 864,761 a--sh--- c:\windows\system32\eOqtAcdd.ini2
2008-11-25 18:15 27,136 a------- c:\windows\system32\TDSSedwv.dll
2008-09-02 20:02 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 21:31:20.51 ===============



#2 fenzodahl512


Posted 13 February 2009 - 07:45 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 gotuf33nin


Posted 13 February 2009 - 08:34 PM

Ok, when I try to run MBAM I get 2 run-time errors. The first one says (title bar) vbAccelerator SGrid II Control (error) Run-time error '0'. The second error reads (title bar) Malwarebytes' Anti-Malware (error) Run-time error '440': Automation error. When I tried to run RSIT I received an error as well. The error reads (title bar) AutoIt Error (error) Line -1: Error: Error parsing function call. Lastly, when I tried running GMER.exe I received a message from my computer: "gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience." I'm sorry my computer is being a tad difficult but I would really appreciate anything you could do for me.

#4 fenzodahl512


Posted 14 February 2009 - 02:42 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#5 gotuf33nin


Posted 14 February 2009 - 09:36 AM

Well, I ran Combofix successfully, only one problem now, I have no internet.... I'm replying from my mobile phone because my computer reads that I'm connected at 100mbps but when I open Internet Explorer I get a 'cannot display webpage' notice. I tried restarting my computer but I get the same results. I have the log on my desktop ready to go but I'll need help getting back online. I already have SUPERAnti-spyware (not updated), ATF-Cleaner, Ad-Aware AE (not updated), and AVG (updated) if you need me to run any of those programs.

#6 fenzodahl512


Posted 14 February 2009 - 09:39 AM

From another computer, please download WinsockXPFix from HERE and transfer it to the infected computer.
  • Double-click on WinsockXPFix and click on Fix
It will ask you to restart your computer in an attempt to fix the internet connection. Please do so..

Tell me whether you got the internet connection back.



#7 gotuf33nin


Posted 14 February 2009 - 02:27 PM

Ok so here's the status report:
1. I have the Combofix log ready
2. I got my internet connection back

New problem, I think we really pissed off the computer. Now it restarts on its own. I'll open Internet Explorer and when I'm about to type in bleepingcomputer.com the PC restarts. Sometimes it'll shut off even before I log on; it'll restart on me in the log on menu. I'll continue to try and send the log file but as of right now the computer isn't allowing me to.

#8 fenzodahl512


Posted 14 February 2009 - 02:45 PM

Ok, can you send the log thru another computer?.. I mean you have to transfer the ComboFix log via cd/thumbdrive.. Make sure you got the thumbdrive empty before you put the log inside it..



#9 gotuf33nin


Posted 14 February 2009 - 02:51 PM

Ok so I ended a process that bought me enough time to send this log *phew
Here's the Combofix log:


ComboFix 09-02-12.03 - User 2009-02-14 9:03:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.138 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\User\LOCALS~1\Temp\tmp1.tmp
c:\program files\Microsoft Common
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\file.bat
c:\windows\services.exe
c:\windows\system32\9.tmp
c:\windows\system32\atbdooct.ini
c:\windows\system32\avuackwa.ini
c:\windows\system32\bfexjgoo.ini
c:\windows\system32\bgkdpbgy.ini
c:\windows\system32\btqklgsx.ini
c:\windows\system32\cdxfmvbp.ini
c:\windows\system32\cfgtehvl.ini
c:\windows\system32\ciefsyws.ini
c:\windows\system32\D.tmp
c:\windows\system32\dacsmvjo.ini
c:\windows\system32\dnkqycvx.ini
c:\windows\system32\drivers\nfr.sys
c:\windows\system32\Drivers\TDSSrfdt.sys
c:\windows\system32\duqhanng.ini
c:\windows\system32\dwxapixl.ini
c:\windows\system32\eavbhyni.ini
c:\windows\system32\eniugina.ini
c:\windows\system32\eOqtAcdd.ini2
c:\windows\system32\F.tmp
c:\windows\system32\FLTuCfhk.ini2
c:\windows\system32\gjakdmha.ini
c:\windows\system32\gmvgdqch.ini
c:\windows\system32\gnmbtomp.ini
c:\windows\system32\gxekgcxb.ini
c:\windows\system32\ijtfbynb.ini
c:\windows\system32\ivfqclmh.ini
c:\windows\system32\ivnllaku.ini
c:\windows\system32\iyubmcpw.ini
c:\windows\system32\jffgebkm.ini
c:\windows\system32\jihhrhgy.ini
c:\windows\system32\joxiwjdp.ini
c:\windows\system32\kdtvy.exe
c:\windows\system32\kmpcdwjk.ini
c:\windows\system32\lmrlhahc.ini
c:\windows\system32\logrhnrg.ini
c:\windows\system32\mbdsiqoe.ini
c:\windows\system32\mjpgfnve.ini
c:\windows\system32\npbioxqv.ini
c:\windows\system32\ntjhfrsd.ini
c:\windows\system32\NVCLlnpo.ini2
c:\windows\system32\nWHjPXyb.ini2
c:\windows\system32\odnruqrx.ini
c:\windows\system32\oiychapp.ini
c:\windows\system32\oqBedJlm.ini
c:\windows\system32\oqBedJlm.ini2
c:\windows\system32\oysqykmk.ini
c:\windows\system32\phggywps.ini
c:\windows\system32\pnkhjyvf.ini
c:\windows\system32\ppxmanfs.ini
c:\windows\system32\prqwlmnw.ini
c:\windows\system32\qcrglqxq.ini
c:\windows\system32\qkgqovlo.ini
c:\windows\system32\qonqsfpe.ini
c:\windows\system32\rapcpkiw.ini
c:\windows\system32\ssxrmdae.ini
c:\windows\system32\tddcsqyt.ini
c:\windows\system32\TDSSedwv.dll
c:\windows\system32\thcwirpq.ini
c:\windows\system32\TtvFOUtv.ini
c:\windows\system32\uffxtmiq.ini
c:\windows\system32\unanxpiy.ini
c:\windows\system32\uuniwyjx.ini
c:\windows\system32\vvqodvgn.ini
c:\windows\system32\vwmqtara.ini
c:\windows\system32\whcdnwlk.ini
c:\windows\system32\yeviqusu.ini
c:\windows\system32\ykknwwmr.ini
c:\windows\system32\yultonxw.ini
c:\windows\wiaserviv.log

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_LOGICAL_DISK_MANAGER_(NDIS)
-------\Legacy_NFR.SYS
-------\Service_Logical Disk Manager (NDIS)
-------\Service_nfr.sys
-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-13 20:28 . 2009-02-13 20:28 <DIR> d-------- C:\rsit
2009-02-13 20:22 . 2009-02-13 20:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 20:22 . 2009-02-13 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 20:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 20:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 07:13 . 2009-02-12 07:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-11 23:50 . 2009-02-11 23:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-11 23:50 . 2009-02-11 23:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-11 23:50 . 2009-02-11 23:50 <DIR> d-------- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2009-02-11 23:50 . 2009-02-11 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 22:39 . 2009-02-11 22:39 24,577 --a------ c:\windows\system32\1A.tmp
2009-02-11 22:38 . 2009-02-11 22:38 128 --a------ c:\windows\system32\18.tmp
2009-02-11 22:38 . 2009-02-11 22:38 0 --a------ c:\windows\system32\19.tmp
2009-02-11 22:36 . 2009-02-11 22:36 110,080 --------- c:\windows\system32\17.tmp
2009-02-11 22:36 . 2009-02-11 22:36 24,577 --a------ c:\windows\system32\16.tmp
2009-02-11 22:36 . 2009-02-11 22:36 3,584 --a------ c:\windows\phnwfqzq.exe
2009-02-11 22:33 . 2009-02-11 22:36 163,364 --a------ c:\windows\system32\15.tmp
2009-02-11 22:33 . 2009-02-11 22:33 128 --a------ c:\windows\system32\14.tmp
2009-02-11 19:30 . 2009-02-11 19:30 164,708 --a------ c:\windows\system32\13.tmp
2009-02-11 19:30 . 2009-02-11 19:30 31,744 --ah----- c:\documents and settings\User\iwckkuk.exe
2009-02-11 19:30 . 2009-02-11 19:30 128 --a------ c:\windows\system32\12.tmp
2009-02-11 19:10 . 2009-02-11 19:10 110,080 --------- c:\windows\system32\11.tmp
2009-02-11 19:10 . 2009-02-11 19:10 24,577 --a------ c:\windows\system32\10.tmp
2009-02-11 19:07 . 2009-02-11 19:07 128 --a------ c:\windows\system32\E.tmp
2009-02-11 18:35 . 2009-02-11 22:36 136,992 --a------ c:\windows\system32\drivers\ethoigwl.sys
2009-02-11 18:32 . 2009-02-11 18:32 128 --a------ c:\windows\system32\C.tmp
2009-02-11 18:08 . 2009-02-11 18:27 <DIR> d-------- c:\program files\AVGUPD
2009-02-10 19:11 . 2009-02-10 19:11 162,816 --a------ c:\windows\system32\B.tmp
2009-02-10 19:10 . 2009-02-10 19:11 88 --a------ c:\windows\system32\A.tmp
2009-02-10 15:49 . 2009-02-10 15:52 162,816 --a------ c:\windows\system32\8.tmp
2009-02-10 15:49 . 2009-02-10 15:49 88 --a------ c:\windows\system32\7.tmp
2009-02-10 15:22 . 2008-07-31 21:05 614,400 --------- c:\windows\system32\ati2sgag.exe
2009-02-10 15:21 . 2009-02-10 15:23 <DIR> d-------- c:\program files\ATI Technologies
2009-02-10 15:20 . 2009-02-11 18:06 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-10 14:55 . 2009-02-10 14:55 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-10 14:55 . 2009-02-10 14:55 <DIR> d-------- c:\program files\AVG
2009-02-10 14:55 . 2009-02-11 18:29 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-10 14:55 . 2009-02-11 18:29 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-10 14:55 . 2009-02-11 18:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-10 14:51 . 2009-02-11 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-10 14:02 . 2009-02-10 14:02 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 14:00 . 2009-02-10 14:00 128 --a------ c:\windows\system32\3.tmp
2009-02-09 17:38 . 2009-02-11 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-02-08 22:29 . 2009-02-08 22:29 10 --a------ c:\windows\WININIT.INI
2009-02-08 13:53 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-08 04:04 . 2009-02-08 04:04 0 --a------ c:\windows\system32\6.tmp
2009-02-08 04:03 . 2009-02-08 04:03 172 --a------ c:\windows\system32\2.tmp
2009-02-08 04:03 . 2009-02-08 04:03 0 --a------ c:\windows\system32\5.tmp
2009-02-08 04:03 . 2009-02-08 04:03 0 --a------ c:\windows\system32\4.tmp
2009-02-08 03:29 . 2009-02-14 08:58 2,184 --a------ c:\windows\system32\wpa.dbl
2009-02-07 19:46 . 2009-02-10 18:07 <DIR> d-------- c:\documents and settings\Administrator
2009-02-06 17:42 . 2009-02-06 17:42 33,920 --a------ c:\windows\system32\drivers\nbqruocx.sys
2009-02-06 00:22 . 2009-02-11 19:30 67,072 ---h----- c:\windows\system32\secupdat.dat
2009-02-06 00:22 . 2009-02-06 00:22 32,256 --ah----- c:\documents and settings\User\dpnebq.exe
2009-02-05 22:32 . 2009-02-05 22:32 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-02-05 22:29 . 2009-02-05 22:30 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}
2009-02-05 20:17 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 20:16 . 2009-02-05 20:16 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 19:26 . 2009-02-11 19:30 53,248 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-05 19:26 . 2009-02-12 15:02 130 --a------ c:\windows\adobe.bat
2009-02-05 19:26 . 2009-02-05 19:27 6 --a------ c:\windows\_id.dat
2009-02-03 20:15 . 2009-02-03 20:15 2 --a------ C:\-257235269
2009-02-03 19:11 . 2004-08-03 18:56 41,472 --a------ c:\windows\system32\stu2.exe
2009-02-02 19:56 . 2009-02-06 21:04 <DIR> d--hs---- c:\windows\TWlsbGllIFJvYg
2009-01-30 22:01 . 2009-01-30 22:01 <DIR> d-------- c:\documents and settings\Millie\Application Data\alot
2009-01-28 23:17 . 2009-01-28 23:17 <DIR> d-------- c:\documents and settings\User\Application Data\alot
2009-01-28 17:35 . 2009-02-05 07:58 <DIR> d-------- c:\documents and settings\Robert\Application Data\alot
2009-01-24 16:25 . 2009-01-24 16:25 <DIR> d-------- c:\program files\WebShow
2009-01-24 14:57 . 2009-01-24 14:59 <DIR> dr-h----- c:\documents and settings\Millie\Application Data\yahoo!
2009-01-24 14:00 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-24 14:00 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-24 14:00 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-24 14:00 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-24 13:44 . 2009-01-24 13:45 <DIR> d-------- c:\documents and settings\Robert\Application Data\Yahoo!
2009-01-24 13:44 . 2009-02-05 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-24 13:41 . 2009-02-06 00:13 <DIR> d-------- c:\program files\Yahoo!
2009-01-23 15:42 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-23 15:42 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-23 15:42 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:23 90,112 ----a-w c:\windows\DUMP3db4.tmp
2009-02-09 05:21 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-06 03:32 --------- d-----w c:\program files\Creative
2009-02-06 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-25 16:04 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
2008-12-31 22:01 --------- d-----w c:\documents and settings\User\Application Data\Creative
2008-12-31 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-31 21:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 00:20 --------- d-----w c:\documents and settings\Robert\Application Data\ATI
2008-12-06 03:53 784 ----a-w c:\documents and settings\User\Application Data\mpauth.dat
2008-09-03 01:02 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
.

------- Sigcheck -------

2004-08-03 18:56 31232 6a1a8aaf27f4b2666cc40c720c220d79 c:\windows\system32\svchost.exe
2004-08-03 18:56 31232 8e51288cfe5fed550fdb288c8fe9f2ac c:\windows\system32\dllcache\svchost.exe

2007-09-19 23:48 1050112 dde9dbacba20fb47d2849571f7bb0b06 c:\windows\Explorer.EXE
2007-09-19 23:48 1050112 bb2469846d12af31824eec6d9df446a8 c:\windows\system32\dllcache\explorer.exe

2004-08-03 18:56 32256 7472a10613c2c7778e540adec0cc69ef c:\windows\system32\ctfmon.exe
2004-08-03 18:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\dllcache\ctfmon.exe

2007-09-19 23:34 74752 da360a71b0a180c9277f9b402c2502cc c:\windows\system32\spoolsv.exe
2007-09-19 23:34 74752 0c105dbbce12b7c1e8392f87716e4d00 c:\windows\system32\dllcache\spoolsv.exe

2004-08-03 18:56 41472 ab98e4ccc96ba6cc7ac29798ff498fe0 c:\windows\system32\userinit.exe
2004-08-03 18:56 41472 a11ba6b23feb7fb879e33646e75ebc7e c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 32256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1850608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 434176]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-11 1601304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"phnwfqzq.exe"="c:\windows\phnwfqzq.exe" [2009-02-11 3584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 18:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nbqruocx.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\User
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\User\Local Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\User\Local Settings\Temporary Internet Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\User\Local Settings\Temporary Internet Files\Content.IE5\XZ907X5O
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 18:56 32256 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-09-20 05:50 1711104 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 434176 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
--a------ 2008-08-12 22:49 425984 c:\program files\Creative\Software Update 3\SoftAuto.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 81920 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-24 13:40 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 90112 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\User\\Desktop\\90install\\RELEASE\\Utilities\\Basic IRC.exe"=
"c:\\Documents and Settings\\User\\Desktop\\90install\\RELEASE\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R0 nbqruocx;nbqruocx;c:\windows\system32\drivers\nbqruocx.sys [2009-02-06 33920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-10 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-10 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S1 ethoigwl;ethoigwl;c:\windows\system32\drivers\ethoigwl.sys [2009-02-11 136992]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-10 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-10 231704]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 80896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702836c9-a1fa-11dd-95b9-0017310f5f00}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-services - c:\windows\services.exe
HKLM-Run-c:\windows\system32\kdtvy.exe - c:\windows\system32\kdtvy.exe
HKU-Default-Run-tjbqoizj.exe - c:\windows\tjbqoizj.exe
HKU-Default-Run-lfwartah.exe - c:\windows\lfwartah.exe
HKU-Default-Run-services - c:\windows\services.exe
HKLM-Explorer_Run-services - c:\windows\services.exe
HKCU-Explorer_Run-services - c:\windows\services.exe
HKU-Default-Explorer_Run-services - c:\windows\services.exe
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
ShellExecuteHooks-{A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\SYSTEM32\HGGVTSTS.DLL
Notify-hgGvtsts - hgGvtsts.dll
MSConfigStartUp-SetupHome_5_2_0_457[1] - c:\documents and settings\User\Local Settings\Temporary Internet Files\Content.IE5\XZ907X5O\SetupHome_5_2_0_457[1].exe
MSConfigStartUp-kdtvy - c:\windows\system32\kdtvy.exe
MSConfigStartUp-efoqqeebsllndswhh - c:\windows\system32\qfvtqqyinluetgn.dll
MSConfigStartUp-jsf8uiw3jnjgffght - c:\docume~1\Robert\LOCALS~1\Temp\winlognn.exe
MSConfigStartUp-services - c:\windows\services.exe
MSConfigStartUp-Twain - c:\documents and settings\User\Application Data\Twain\Twain.exe
MSConfigStartUp-VnrPack23 - c:\program files\VnrPack\VnrPack23.exe
MSConfigStartUp-Content - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 09:09:37
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
e:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2009-02-14 9:12:03 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2009-02-14 14:11:58

Pre-Run: 1,179,242,496 bytes free
Post-Run: 1,130,983,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

357 --- E O F --- 2008-11-20 21:25:44

Edited by gotuf33nin, 14 February 2009 - 02:54 PM.


#10 fenzodahl512

Posted 14 February 2009 - 03:00 PM

Hello... First of all, you emptied the thumbdrive before you stuck it into the infected computer, right? As I told you in my previous post...


Delete your version of ComboFix from your computer..

Ok.. Looking at the ComboFix log, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files... We are looking for a possible Virut infection, and if it is.. then you might have to wipe the machine clean..

Make sure you back up everything via either cd/dvd, and if you decide to back up via thumbdrive/external hard drive, make sure that the drives are EMPTY.. (means nothing inside them when you start the backup process)..



But let's do this first.. (after you back up all the important stuff)...



IMPORTANT! Disconnect your infected computer from the internet. We have to transfer ALL logs via cd/pendrive. Make sure that cd/pendrive is empty as we don't want the baddies to infect another clean computer.. Just logs in the form of text files (.txt/notepad) inside that cd/pendrive..


Go to another clean computer and download these programs to the Desktop.

Dr.Web CureIt
ComboFix

After that, rename launch.exe (or cureit.exe) into rename.com and ComboFix.exe into Combo-Fix.exe

Burn both of them to a cd (don't use pendrive.. I will need you to burn it on a cd)


Go to your computer and run both tools directly from the cd..


1. Dr.Web CureIt step
  • Double-click the launch.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv and post DrWeb.csv in your next reply (Open it as Notepad)



2. Combo-Fix step

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running Combo-Fix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Double click combofix.exe and follow the prompts. Make sure you install Recovery Console if asked.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



Now, find a pendrive, format it first (make sure there's no other file inside that pendrive) and copy these files into that pendrive..

1. DrWeb.csv
2. C:\combofix.txt
3. C:\Program Files\Trend Micro\HijackThis\HijackThis.txt



Go to another computer and post these logs in your next reply..

1. Dr.Web CureIt!
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 gotuf33nin (Topic Starter)

Posted 14 February 2009 - 08:27 PM

ok here's all 3 logs, by the way 1 of my saved network connections was deleted after all the scanning

Dr.Web log

reader_s.exe;c:\documents and settings\user;Win32.Virut.56;Cured.;
reader_s.exe;c:\documents and settings\user;Trojan.Packed.2352;Deleted.;
clistart.exe;c:\program files\ati technologies\ati.ace\core-static;Win32.Virut.56;Cured.;
ctupnpsv.exe;c:\program files\creative\creative centrale;Win32.Virut.56;Cured.;
ctdevsrv.exe;c:\program files\creative\shared files;Win32.Virut.56;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.;
qttask.exe;c:\program files\quicktime;Win32.Virut.56;Cured.;
superantispyware.exe;c:\program files\superantispyware;Win32.Virut.56;Cured.;
wmpnetwk.exe;c:\program files\windows media player;Win32.Virut.56;Cured.;
explorer.exe;c:\windows;Win32.Virut.56;Cured.;
unregmp2.exe;c:\windows\inf;Win32.Virut.56;Cured.;
lfwxmaoc.exe;c:\windows;Trojan.DownLoad.12588;Deleted.;
xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.56;Cured.;
rthdcpl.exe;c:\windows;Win32.Virut.56;Cured.;
alg.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ati2evxx.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ati2sgag.exe;c:\windows\system32;Win32.Virut.56;Cured.;
cisvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
clipsrv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ctfmon.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dmadmin.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ndis.sys;c:\windows\system32\drivers;Trojan.NtRootKit.2670;Deleted.;
ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ieudinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.;
locator.exe;c:\windows\system32;Win32.Virut.56;Cured.;
logon.scr;c:\windows\system32;Win32.Virut.56;Cured.;
logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;
mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ntsd.exe;c:\windows\system32;Win32.Virut.56;Cured.;
reader_s.exe;c:\windows\system32;Win32.Virut.56;Cured.;
reader_s.exe;c:\windows\system32;Trojan.Packed.2352;Deleted.;
rsvp.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rundll32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
scardsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
sessmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
shmgrate.exe;c:\windows\system32;Win32.Virut.56;Cured.;
smlogsvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
spoolsv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
svchost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
tlntsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ups.exe;c:\windows\system32;Win32.Virut.56;Cured.;
vssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
unsecapp.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
winmgmt.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wmiprvse.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wscntfy.exe;c:\windows\system32;Win32.Virut.56;Cured.;
AtiCimUn.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975;Win32.Virut.56;Cured.;
CheckVer.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975;Win32.Virut.56;Cured.;
DrvUI64A.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975;Win32.Virut.56;Cured.;
issetup.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975;Win32.Virut.56;Cured.;
Setup.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975;Win32.Virut.56;Cured.;
atiicdxx.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\BIN;Win32.Virut.56;Cured.;
EnumDev.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\BIN;Win32.Virut.56;Cured.;
UpdatPnP.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\BIN;Win32.Virut.56;Cured.;
Setup.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\Driver;Win32.Virut.56;Cured.;
Setup.exe;C:\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\WDM_ALL;Win32.Virut.56;Cured.;
MscMan.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\1D28F041\272236BC;Win32.Virut.56;Cured.;
VFSvrU.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\3ED6BDFF\EADD6027;Win32.Virut.56;Cured.;
UGRemove.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\5F1670B0\BF91CED6;Win32.Virut.56;Cured.;
CTUPnPFn.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\68D794A0\37442671;Win32.Virut.56;Cured.;
CTUPnPSv.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\68D794A0\37442671;Win32.Virut.56;Cured.;
ChnTag.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\7991A9CF\BB60D1DE;Win32.Virut.56;Cured.;
CTRegRun.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\7EFD6395\F919F6F5;Win32.Virut.56;Cured.;
Centrale.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AA3E74FF\B8528BA;Win32.Virut.56;Cured.;
CTOrSync.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AA3E74FF\B8528BA;Win32.Virut.56;Cured.;
CTRegSvr.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AC2BAE3B\78CD211E;Win32.Virut.56;Cured.;
CTRegSvu.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AC2BAE3B\78CD211E;Win32.Virut.56;Cured.;
CTDevSrv.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AD0FA21A\561BBFC;Win32.Virut.56;Cured.;
CTServiceCtDev.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AD0FA21A\561BBFC;Win32.Virut.56;Cured.;
ZcAuto.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\AD0FA21A\561BBFC;Win32.Virut.56;Cured.;
CTRegSvu.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\B663CD04\171C275E;Win32.Virut.56;Cured.;
AVCManU.exe;C:\Documents and Settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}\offline\FC0A0376\62CC80FF;Win32.Virut.56;Cured.;
dpnebq.exe;C:\Documents and Settings\User;Win32.Virut.56;Cured.;
dpnebq.exe;C:\Documents and Settings\User;Trojan.Packed.154;Deleted.;
glr.exe;C:\Documents and Settings\User;Win32.Virut.56;Cured.;
glr.exe;C:\Documents and Settings\User;Trojan.Spambot.4336;Deleted.;
iwckkuk.exe;C:\Documents and Settings\User;Win32.Virut.56;Cured.;
iwckkuk.exe;C:\Documents and Settings\User;Trojan.Spambot.4336;Deleted.;
wqen.exe;C:\Documents and Settings\User;Win32.Virut.56;Cured.;
wqen.exe;C:\Documents and Settings\User;Trojan.Spambot.4336;Deleted.;
xixam.exe;C:\Documents and Settings\User;Win32.Virut.56;Cured.;
xixam.exe;C:\Documents and Settings\User;Trojan.Spambot.4336;Deleted.;
MapleStory.exe1_BFC5F4583EEC4F3D8BFB7BA48FC1BD3E.exe;C:\Documents and Settings\User\Application Data\Microsoft\Installer\{706A6867-6CCB-4280-A1E3-BAFBA688D70E};Win32.Virut.56;Cured.;
MapleStory.exe_BFC5F4583EEC4F3D8BFB7BA48FC1BD3E.exe;C:\Documents and Settings\User\Application Data\Microsoft\Installer\{706A6867-6CCB-4280-A1E3-BAFBA688D70E};Win32.Virut.56;Cured.;
AtiCimUn.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp;Win32.Virut.56;Cured.;
CheckVer.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp;Win32.Virut.56;Cured.;
DrvUI64A.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp;Win32.Virut.56;Cured.;
issetup.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp;Win32.Virut.56;Cured.;
Setup.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp;Win32.Virut.56;Cured.;
setup.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\ATIPCE;Win32.Virut.56;Cured.;
setup.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\AVIVO;Win32.Virut.56;Cured.;
Setup.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\AVS_HSUSB;Win32.Virut.56;Cured.;
atiicdxx.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\BIN;Win32.Virut.56;Cured.;
EnumDev.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\BIN;Win32.Virut.56;Cured.;
UpdatPnP.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\BIN;Win32.Virut.56;Cured.;
Setup.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\Driver;Win32.Virut.56;Cured.;
RestoreSMAudioDevice.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\HDAudioUtility;Win32.Virut.56;Cured.;
setupnet.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\NET32;Win32.Virut.56;Cured.;
setupnet.exe;C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\Download\ati catalyst 8.5rc1 xp\NET64A;Win32.Virut.56;Cured.;
ATF-Cleaner.exe;C:\Documents and Settings\User\Desktop;Win32.Virut.56;Cured.;
Combo-Fix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\User\Desktop\Combo-Fix.exe/data002;Probably BATCH.Virus;;
Combo-Fix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\User\Desktop\Combo-Fix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\User\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\User\Desktop;Container contains infected objects;Moved.;
winsockxpfix.exe;C:\Documents and Settings\User\Desktop;Win32.Virut.56;Cured.;
Yugioh Virtual Desktop 9.exe;C:\Documents and Settings\User\Desktop\90install\RELEASE;Win32.Virut.56;Cured.;
Basic IRC.exe;C:\Documents and Settings\User\Desktop\90install\RELEASE\Utilities;Win32.Virut.56;Cured.;
Log Reader.exe;C:\Documents and Settings\User\Desktop\90install\RELEASE\Utilities;Win32.Virut.56;Incurable.Moved.;
Relay Server.exe;C:\Documents and Settings\User\Desktop\90install\RELEASE\Utilities;Win32.Virut.56;Cured.;
gmer.exe;C:\Documents and Settings\User\Desktop\gmer;Win32.Virut.56;Cured.;
SSUPDATE.EXE;C:\Documents and Settings\User\Local Settings\temp;Win32.Virut.56;Cured.;
abb[1].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AP70FRH4;Trojan.Packed.2352;Deleted.;
doc[1].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AP70FRH4;Trojan.DownLoad.12588;Deleted.;
doc[2].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AP70FRH4;Trojan.DownLoad.12588;Deleted.;
doc[3].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AP70FRH4;Trojan.DownLoad.12588;Deleted.;
doc[4].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AP70FRH4;Trojan.DownLoad.12588;Deleted.;
doc[5].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AP70FRH4;Trojan.DownLoad.12588;Deleted.;
cae[1].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Y9IOE1LX;Trojan.MulDrop.30278;Deleted.;
doc[1].txt;C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Y9IOE1LX;Trojan.DownLoad.12588;Deleted.;
kanye west - love lockdown .mp3;C:\Documents and Settings\User\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;
ti what up whats happinin.mp3;C:\Documents and Settings\User\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;
LOG.exe;C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation;Win32.Virut.56;Cured.;
CCC.exe;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;Win32.Virut.56;Cured.;
CLI.exe;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;Win32.Virut.56;Cured.;
MOM.exe;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;Win32.Virut.56;Cured.;
AtiCimUn.exe;C:\Program Files\ATI Technologies\UninstallAll;Win32.Virut.56;Cured.;
IKernel.exe;C:\Program Files\Common Files\InstallShield\engine\6\Intel 32;Win32.Virut.56;Cured.;
msinfo32.exe;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.;
Centrale.exe;C:\Program Files\Creative\Creative Centrale;Win32.Virut.56;Cured.;
ChnTag.exe;C:\Program Files\Creative\Creative Centrale;Win32.Virut.56;Cured.;
CTOrSync.exe;C:\Program Files\Creative\Creative Centrale;Win32.Virut.56;Cured.;
CTRegSvu.exe;C:\Program Files\Creative\Creative Centrale;Win32.Virut.56;Cured.;
CTUPnPFn.exe;C:\Program Files\Creative\Creative Centrale;Win32.Virut.56;Cured.;
UGRemove.exe;C:\Program Files\Creative\Creative ZEN Mozaic;Win32.Virut.56;Cured.;
ctpdemgr.exe;C:\Program Files\Creative\DiskManager;Win32.Virut.56;Cured.;
AVCManU.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
CTRegSvr.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
CTRegSvu.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
CTServiceCtDev.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
MscMan.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
VFSvrU.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
ZcAuto.exe;C:\Program Files\Creative\Shared Files;Win32.Virut.56;Cured.;
SoftAuto.exe;C:\Program Files\Creative\Software Update 3;Win32.Virut.56;Cured.;
SoftU.exe;C:\Program Files\Creative\Software Update 3;Win32.Virut.56;Cured.;
Setup.exe;C:\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3};Win32.Virut.56;Cured.;
iedw.exe;C:\Program Files\Internet Explorer;Win32.Virut.56;Cured.;
iexplore.exe;C:\Program Files\Internet Explorer;Win32.Virut.56;Cured.;
icwconn1.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
icwconn2.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
icwrmind.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
icwtutor.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
inetwiz.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
isignup.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
LimeWire.exe;C:\Program Files\LimeWire;Win32.Virut.56;Cured.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Virut.56;Cured.;
mirc.exe;C:\Program Files\mIRC;Win32.Virut.56;Cured.;
moviemk.exe;C:\Program Files\Movie Maker;Win32.Virut.56;Cured.;
bckgzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;
chkrzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;
hrtzzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;
rvsezm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;
shvlzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;
cb32.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;
conf.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;
wb32.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;
msimn.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
oemig50.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
wab.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
wabmig.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
PictureViewer.exe;C:\Program Files\QuickTime;Win32.Virut.56;Cured.;
BootSafe.exe;C:\Program Files\SUPERAntiSpyware;Win32.Virut.56;Cured.;
SASINST.EXE;C:\Program Files\SUPERAntiSpyware;Win32.Virut.56;Cured.;
SSUpdate.exe;C:\Program Files\SUPERAntiSpyware;Win32.Virut.56;Cured.;
HijackThis.exe;C:\Program Files\Trend Micro\HijackThis;Win32.Virut.56;Cured.;
User.exe;C:\Program Files\Trend Micro\HijackThis;Win32.Virut.56;Cured.;
wmccds.exe;C:\Program Files\Windows Media Connect 2;Win32.Virut.56;Cured.;
wmccfg.exe;C:\Program Files\Windows Media Connect 2;Win32.Virut.56;Cured.;
migrate.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
mplayer2.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
setup_wm.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmdbexport.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmlaunch.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmpenc.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmplayer.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmpnscfg.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmpshare.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmsetsdk.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
dialer.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.;
hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.;
wordpad.exe;C:\Program Files\Windows NT\Accessories;Win32.Virut.56;Cured.;
pinball.exe;C:\Program Files\Windows NT\Pinball;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D);Win32.Virut.56;Cured.;
EXPAND.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
faxpatch.exe;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
i386over.exe;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
NETSETUP.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
NTSD.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
REGEDIT.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
spnpinst.exe;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
SYSPARSE.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
TELNET.EXE;C:\Program Files\WinXP Pro_Copy\V2PRMVOL_EN (D)\I386;Win32.Virut.56;Cured.;
Mjcore.dll.vir;C:\Qoobox\Quarantine\C\Program Files\Mjcore;Trojan.Click.24145;Deleted.;
services.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.Virut.56;Cured.;
9.tmp.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
avuackwa.ini.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Modification of Win95.Azuo.1044;Moved.;
D.tmp.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
F.tmp.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
kdtvy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;
kdtvy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.647;Incurable.Moved.;
TDSSedwv.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.30;Deleted.;
vwmqtara.ini.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Modification of Win95.Azuo.1044;Moved.;
TDSSrfdt.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.39;Deleted.;
Dc1.exe/data002\32788R22FWJFW\c.bat;C:\RECYCLER\S-1-5-21-1214440339-1604221776-839522115-1003\Dc1.exe/data002;Probably BATCH.Virus;;
Dc1.exe/data002\32788R22FWJFW\psexec.cfexe;C:\RECYCLER\S-1-5-21-1214440339-1604221776-839522115-1003\Dc1.exe/data002;Program.PsExec.171;;
data002;C:\RECYCLER\S-1-5-21-1214440339-1604221776-839522115-1003;Archive contains infected objects;;
Dc1.exe;C:\RECYCLER\S-1-5-21-1214440339-1604221776-839522115-1003;Container contains infected objects;Moved.;
A0054730.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054730.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);BackDoor.Vomba.3;Deleted.;
A0054731.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054732.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054733.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054734.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054735.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054736.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054737.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054738.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054739.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054740.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054741.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054742.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054743.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054744.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054745.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054746.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054747.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054748.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054752.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054757.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054759.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054760.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0054798.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\Fifoed(3);Win32.Virut.56;Cured.;
A0062003.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP179;Win32.Virut.56;Cured.;
A0062004.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP179;Win32.Virut.56;Cured.;
A0063003.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP179;Win32.Virut.56;Cured.;
A0063004.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP179;Win32.Virut.56;Cured.;
A0063005.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP179;Win32.Virut.56;Cured.;
A0063042.bat;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Probably BATCH.Virus;Incurable.Moved.;
A0063061.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063090.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063093.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063094.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063103.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063103.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Probably Trojan.Packed.647;Incurable.Moved.;
A0063109.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063110.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063113.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063119.dll;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Click.24145;Deleted.;
A0063121.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063129.ini;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Modification of Win95.Azuo.1044;Moved.;
A0063180.ini;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Modification of Win95.Azuo.1044;Moved.;
A0063185.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063186.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063187.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063188.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063189.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;BackDoor.Tdss.39;Deleted.;
A0063190.dll;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;BackDoor.Tdss.30;Deleted.;
A0063202.bat;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Probably BATCH.Virus;Incurable.Moved.;
A0063203.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063216.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063216.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Program.PsExec.170;Incurable.Moved.;
A0063225.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063238.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063252.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063259.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0063296.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.NtRootKit.2561;Deleted.;
A0064304.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.2352;Deleted.;
A0064309.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.NtRootKit.2561;Deleted.;
A0066316.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.NtRootKit.2561;Deleted.;
A0086347.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.DownLoad.12588;Deleted.;
A0086348.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.DownLoad.12588;Deleted.;
A0098404.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098404.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.2352;Deleted.;
A0098405.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098405.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.2352;Deleted.;
A0098410.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.NtRootKit.2561;Deleted.;
A0098415.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.2352;Deleted.;
A0098423.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.NtRootKit.2561;Deleted.;
A0098432.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098432.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.2352;Deleted.;
A0098433.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098434.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098435.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098436.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098437.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098438.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098439.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098440.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098441.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098442.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.DownLoad.12588;Deleted.;
A0098443.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098444.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098445.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098446.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098447.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098448.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098449.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098450.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098451.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098452.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098453.sys;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.NtRootKit.2670;Deleted.;
A0098454.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098455.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098456.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098457.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098458.scr;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098459.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098460.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098461.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098462.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098463.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098464.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098464.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.2352;Deleted.;
A0098465.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098466.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098467.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098468.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098469.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098470.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098471.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098472.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098473.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098474.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098475.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098476.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098477.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098478.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098479.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098480.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098481.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098482.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098483.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098484.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098485.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098486.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098487.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098488.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098489.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098490.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098491.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098492.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098493.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098494.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098495.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098496.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098497.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098498.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098499.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098500.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098501.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098502.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098503.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098504.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098505.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098506.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098507.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098507.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Packed.154;Deleted.;
A0098508.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098508.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Spambot.4336;Deleted.;
A0098509.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098509.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Spambot.4336;Deleted.;
A0098510.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098510.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Spambot.4336;Deleted.;
A0098511.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098511.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Trojan.Spambot.4336;Deleted.;
A0098512.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098513.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098514.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098515.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098516.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098517.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098518.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098519.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098520.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098521.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098522.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098523.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098524.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098525.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098526.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098527.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098528.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098529.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098530.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182\A0098530.exe/data002;Probably BATCH.Virus;;
A0098530.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182\A0098530.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Archive contains infected objects;;
A0098530.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Container contains infected objects;Moved.;
A0098531.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098532.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098533.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098534.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098535.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098536.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098537.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098538.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098539.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098540.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098541.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098542.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098543.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098544.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098545.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098546.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098547.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098548.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098549.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098550.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098551.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098552.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098553.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098554.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098555.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098556.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098557.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098558.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098559.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098560.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098561.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098562.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098563.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098564.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098565.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098566.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098567.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098568.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098569.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098570.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098571.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098572.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098573.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098574.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098575.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098576.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098577.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098578.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098579.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098580.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098581.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098582.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098583.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098584.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098585.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098586.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098587.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098588.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098589.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098590.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098591.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098592.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098593.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098594.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098595.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098596.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098597.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098598.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098599.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098600.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098601.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098602.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098603.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098604.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098605.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098606.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098607.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098608.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098609.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098610.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098611.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098612.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098613.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098614.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098615.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098616.EXE;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098617.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182\A0098617.exe/data002;Probably BATCH.Virus;;
A0098617.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182\A0098617.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Archive contains infected objects;;
A0098617.exe;C:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Container contains infected objects;Moved.;
Alcmtr.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
alcwzrd.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
fdsv.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
grep.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
hh.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
HideWin.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
MicCal.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
NIRCMD.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
NOTEPAD.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;
regedit.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
RTLCPL.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
RtlUpd.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
sed.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SkyTel.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SoundMan.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SWREG.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SWSC.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SWXCACLS.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
VFIND.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
winhlp32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
zip.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
ERDNT.EXE;C:\WINDOWS\ERDNT\Hiv-backup;Win32.Virut.56;Cured.;
ERDNT.EXE;C:\WINDOWS\ERDNT\subs;Win32.Virut.56;Cured.;
places.exe;C:\WINDOWS\Installer\{7CCEBC24-62DB-4280-A8EC-BFA49F167920};Win32.Virut.56;Cured.;
IconCDDCBBF15.exe;C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA};Win32.Virut.56;Cured.;
agentsvr.exe;C:\WINDOWS\msagent;Win32.Virut.56;Cured.;
muisetup.exe;C:\WINDOWS\mui;Win32.Virut.56;Cured.;
HelpCtr.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
helpsvc.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
HscUpd.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
msconfig.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
notiflag.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
UploadM.exe;C:\WINDOWS\pchealth\UploadLB\Binaries;Win32.Virut.56;Cured.;
11.tmp;C:\WINDOWS\system32;Trojan.MulDrop.30278;Deleted.;
17.tmp;C:\WINDOWS\system32;Trojan.MulDrop.30278;Deleted.;
1B.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
1D.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
1F.tmp;C:\WINDOWS\system32;Trojan.MulDrop.30278;Deleted.;
20.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
22.tmp;C:\WINDOWS\system32;Trojan.MulDrop.30278;Deleted.;
23.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
8.tmp;C:\WINDOWS\system32;Probably Trojan.Packed.196;Incurable.Moved.;
accwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
actmovie.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ahui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
alg.exe.tmp;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
arp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_fmt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_ldm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_pfu.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
at.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
Ati2mdxx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
atmadm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
attrib.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
auditusr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
B.tmp;C:\WINDOWS\system32;Probably Trojan.Packed.196;Incurable.Moved.;
blastcln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootcfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootok.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootvrfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cacls.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
calc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
charmap.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ChCfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
chkdsk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
chkntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cidaemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cipher.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ckcnv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cleanmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cliconfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
clipbrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmd.exe.tmp;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmdl32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmmon32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmstp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
comp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
compact.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
conime.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
control.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
convert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
D.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12588;Deleted.;
dcomcnfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ddeshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
defrag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
defrag.exe.tmp;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgfat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgntfs.exe.tmp;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diantz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diskpart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diskperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dllhst3g.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dmremote.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
doskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dplaysvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dpnsvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dpvsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
driverquery.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
drmupgds.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
drwtsn32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dumprep.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dvdplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dvdupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dwwin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dxdiag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
esentutl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eudcedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventcreate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventtriggers.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventvwr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
expand.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
extrac32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
find.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
findstr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
finger.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fixmapi.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fltMc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
forcedos.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
freecell.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fsquirt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fsutil.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
getmac.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
gpresult.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
gpupdate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
grpconv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
hdashcut.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
help.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
hostname.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
iexpress.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipconfig.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipsec6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipv6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipxroute.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
label.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lights.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lnkstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logagent.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logoff.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lpq.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lpr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
magnify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
makecab.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
migpwd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mmcperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mobsync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mountvol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mplay32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mpnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqbkup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqtgsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mrinfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
MRT.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msfeedssync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mshearts.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mshta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mspaint.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msswchx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mstinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mstsc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
narrator.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nbtstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nddeapir.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
net.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
net1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
notepad.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nslookup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ntbackup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ntvdm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nwscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
odbcad32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
odbcconf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
openfiles.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
osk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
osuninst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
packager.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pathping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pentnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
perfmon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ping6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pintool.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
powercfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
print.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
progman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
proquota.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
proxycfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qappsrv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qfecheck.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qprocess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasautou.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasdial.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasphone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rcimlby.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rcp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdpclip.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdsaddin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdshost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
recover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
reg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regedt32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regini.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
relog.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
replace.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
reset.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rexec.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
route.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
routemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsmsink.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsmui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsopprov.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rspndr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rtcshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
runas.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
runonce.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
savedump.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
schtasks.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
scrnsave.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sdbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
secedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
secupdat.dat;C:\WINDOWS\system32;Trojan.Spambot.4336;Deleted.;
sethc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
setup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sfc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shadow.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shrpubw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shutdown.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sigverif.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
skeys.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
smbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sndrec32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sndvol32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sort.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spider.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spiisupd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ss3dfo.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssbezier.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssflwbox.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmarque.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmypics.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmyst.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sspipes.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssstars.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sstext3d.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
stimon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
stu2.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
subst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
syncapp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
syskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sysocmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
systeminfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
systray.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskkill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tasklist.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tcmsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tcpsvcs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
telnet.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tlntadmn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tlntsess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tourstart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracerpt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracert6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tscupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tsdiscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tskill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tsshutdn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
typeperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tzchange.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
unlodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
upnpcont.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
userinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
usrmlnka.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
usrprbda.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
usrshuta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
utilman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
uWDF.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
verclsid.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
verifier.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
vssadmin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
w32tm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wdfmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wextract.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wiaacmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winfxdocobj.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winhlp32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winmine.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winmsd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winver.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpabaln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpdshextautoplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
write.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wudfhost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wupdmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
xcopy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
comrepl.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;
comrereg.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;
ins[1].txt;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6HIXX4OL;Probably Trojan.Packed.196;Incurable.Moved.;
cae[1].txt;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FA3Z7D7N;Probably Trojan.Packed.154;Incurable.Moved.;
alg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cmd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ctfmon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
explorer.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ipconfig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ndis.sys;C:\WINDOWS\system32\dllcache;Trojan.NtRootKit.2670;Deleted.;
spoolsv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
svchost.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
userinit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ndisio.sys;C:\WINDOWS\system32\drivers;Trojan.NtRootKit.2561;Deleted.;
nppagent.exe;C:\WINDOWS\system32\npp;Win32.Virut.56;Cured.;
rstrui.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;
migload.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiza.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiz_a.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
mofcomp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
scrcons.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wbemtest.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wmiadap.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
wmic.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
BN1.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN10.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN11.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN1E.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN2.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN20.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN23.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN26.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN27.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN28.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN2B.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN2D.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN2F.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN3.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN31.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN33.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN4.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN5.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN6.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN7.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN8.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BN9.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BNA.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BNB.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BNC.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BND.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BNE.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
BNF.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;
VRTD.tmp;C:\WINDOWS\Temp;Trojan.DownLoad.29919;Deleted.;
Patcher.exe;E:\Nexon\MapleStory;Win32.Virut.56;Cured.;
Setup.exe;E:\Nexon\MapleStory;Win32.Virut.56;Cured.;
chopped and screwed lost MTV.mp3;E:\Saved;Trojan.WMALoader;Cured.;
driverscanner.exe;E:\Saved\UniBlue Driver Scanner 2009 V2.0 + Full Key Gen;Win32.Virut.56;Cured.;
driverscanner.exe;E:\Saved\UniBlue Driver Scanner 2009 V2.0 + Full Key Gen\Setup;Win32.Virut.56;Cured.;
A0098946.exe;E:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098947.exe;E:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098948.exe;E:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;
A0098949.exe;E:\System Volume Information\_restore{702C5960-BEEC-46DC-94EF-7FF98731FA6F}\RP182;Win32.Virut.56;Cured.;


Combo-fix log

ComboFix 09-02-12.03 - User 2009-02-14 19:21:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.105 [GMT -5:00]
Running from: c:\documents and settings\User\DoctorWeb\Quarantine\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\9.tmp

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 17:29 . 2009-02-14 17:56 d-------- c:\documents and settings\User\DoctorWeb
2009-02-14 17:18 . 2009-02-14 17:18 162,788 --a------ c:\windows\system32\36.tmp
2009-02-14 17:18 . 2009-02-14 17:18 132 --a------ c:\windows\system32\35.tmp
2009-02-14 17:04 . 2009-02-14 17:06 162,788 --a------ c:\windows\system32\34.tmp
2009-02-14 17:04 . 2009-02-14 17:04 132 --a------ c:\windows\system32\33.tmp
2009-02-14 16:05 . 2009-02-14 16:05 52,669 --a------ c:\windows\system32\32.tmp
2009-02-14 16:05 . 2009-02-14 16:05 132 --a------ c:\windows\system32\31.tmp
2009-02-14 15:25 . 2009-02-14 15:25 40,141 --a------ c:\windows\system32\30.tmp
2009-02-14 15:25 . 2009-02-14 15:25 132 --a------ c:\windows\system32\2F.tmp
2009-02-14 15:21 . 2009-02-14 15:21 65,197 --a------ c:\windows\system32\2E.tmp
2009-02-14 15:21 . 2009-02-14 15:21 132 --a------ c:\windows\system32\2D.tmp
2009-02-14 15:12 . 2009-02-14 15:12 61,021 --a------ c:\windows\system32\2C.tmp
2009-02-14 15:12 . 2009-02-14 15:12 132 --a------ c:\windows\system32\2B.tmp
2009-02-14 14:51 . 2009-02-14 14:51 44,317 --a------ c:\windows\system32\2A.tmp
2009-02-14 14:51 . 2009-02-14 14:51 132 --a------ c:\windows\system32\28.tmp
2009-02-14 14:27 . 2009-02-14 14:27 52,669 --a------ c:\windows\system32\27.tmp
2009-02-14 14:27 . 2009-02-14 14:27 132 --a------ c:\windows\system32\26.tmp
2009-02-14 14:23 . 2009-02-14 14:23 31,789 --a------ c:\windows\system32\25.tmp
2009-02-14 14:23 . 2009-02-14 14:23 132 --a------ c:\windows\system32\24.tmp
2009-02-14 14:00 . 2009-02-14 14:00 132 --a------ c:\windows\system32\21.tmp
2009-02-14 13:41 . 2009-02-14 13:41 132 --a------ c:\windows\system32\1E.tmp
2009-02-14 13:38 . 2009-02-14 13:39 132 --a------ c:\windows\system32\1C.tmp
2009-02-14 13:25 . 2009-02-14 13:25 132 --a------ c:\windows\system32\F.tmp
2009-02-14 13:23 . 2009-02-14 15:54 6,656 --a------ c:\windows\system32\drivers\restore.sys
2009-02-14 13:21 . 2009-02-14 13:22 616 --a------ c:\windows\system32\29.tmp
2009-02-14 09:45 . 2009-02-14 09:45 3,218 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-02-13 20:28 . 2009-02-13 20:28 d-------- C:\rsit
2009-02-13 20:22 . 2009-02-13 20:22 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 20:22 . 2009-02-13 20:22 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 20:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 20:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 07:13 . 2009-02-12 07:13 d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-11 23:50 . 2009-02-11 23:50 d-------- c:\program files\SUPERAntiSpyware
2009-02-11 23:50 . 2009-02-11 23:50 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-11 23:50 . 2009-02-11 23:50 d-------- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2009-02-11 23:50 . 2009-02-11 23:50 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 22:39 . 2009-02-11 22:39 24,577 --a------ c:\windows\system32\1A.tmp
2009-02-11 22:38 . 2009-02-11 22:38 128 --a------ c:\windows\system32\18.tmp
2009-02-11 22:38 . 2009-02-11 22:38 0 --a------ c:\windows\system32\19.tmp
2009-02-11 22:36 . 2009-02-11 22:36 24,577 --a------ c:\windows\system32\16.tmp
2009-02-11 22:33 . 2009-02-11 22:36 163,364 --a------ c:\windows\system32\15.tmp
2009-02-11 22:33 . 2009-02-11 22:33 128 --a------ c:\windows\system32\14.tmp
2009-02-11 19:30 . 2009-02-11 19:30 164,708 --a------ c:\windows\system32\13.tmp
2009-02-11 19:30 . 2009-02-11 19:30 128 --a------ c:\windows\system32\12.tmp
2009-02-11 19:10 . 2009-02-11 19:10 24,577 --a------ c:\windows\system32\10.tmp
2009-02-11 19:07 . 2009-02-11 19:07 128 --a------ c:\windows\system32\E.tmp
2009-02-11 18:35 . 2009-02-14 17:06 137,440 --a------ c:\windows\system32\drivers\ethoigwl.sys
2009-02-11 18:32 . 2009-02-11 18:32 128 --a------ c:\windows\system32\C.tmp
2009-02-11 18:08 . 2009-02-11 18:27 d-------- c:\program files\AVGUPD
2009-02-10 19:10 . 2009-02-10 19:11 88 --a------ c:\windows\system32\A.tmp
2009-02-10 15:49 . 2009-02-10 15:49 88 --a------ c:\windows\system32\7.tmp
2009-02-10 15:22 . 2009-02-14 17:31 593,920 --a------ c:\windows\system32\ati2sgag.exe
2009-02-10 15:21 . 2009-02-10 15:23 d-------- c:\program files\ATI Technologies
2009-02-10 15:20 . 2009-02-11 18:06 d--h----- C:\$AVG8.VAULT$
2009-02-10 14:55 . 2009-02-10 14:55 d-------- c:\windows\system32\drivers\Avg
2009-02-10 14:55 . 2009-02-10 14:55 d-------- c:\program files\AVG
2009-02-10 14:55 . 2009-02-11 18:29 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-10 14:55 . 2009-02-11 18:29 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-10 14:55 . 2009-02-11 18:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-10 14:51 . 2009-02-11 18:54 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-10 14:02 . 2009-02-10 14:02 d-------- c:\program files\Trend Micro
2009-02-10 14:00 . 2009-02-10 14:00 128 --a------ c:\windows\system32\3.tmp
2009-02-09 17:38 . 2009-02-11 18:01 d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-02-08 22:29 . 2009-02-08 22:29 10 --a------ c:\windows\WININIT.INI
2009-02-08 13:53 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-08 04:04 . 2009-02-08 04:04 0 --a------ c:\windows\system32\6.tmp
2009-02-08 04:03 . 2009-02-08 04:03 172 --a------ c:\windows\system32\2.tmp
2009-02-08 04:03 . 2009-02-08 04:03 0 --a------ c:\windows\system32\5.tmp
2009-02-08 04:03 . 2009-02-08 04:03 0 --a------ c:\windows\system32\4.tmp
2009-02-08 03:29 . 2009-02-14 08:58 2,184 --a------ c:\windows\system32\wpa.dbl
2009-02-07 19:46 . 2009-02-10 18:07 d-------- c:\documents and settings\Administrator
2009-02-06 17:42 . 2009-02-06 17:42 33,920 --a------ c:\windows\system32\drivers\nbqruocx.sys
2009-02-05 22:32 . 2009-02-05 22:32 d--h----- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-02-05 22:29 . 2009-02-05 22:30 d--h----- c:\documents and settings\All Users\Application Data\{83718885-58AE-4D28-9F68-77AF048ADA06}
2009-02-05 20:17 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 20:16 . 2009-02-05 20:16 d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 19:26 . 2009-02-12 15:02 130 --a------ c:\windows\adobe.bat
2009-02-05 19:26 . 2009-02-05 19:27 6 --a------ c:\windows\_id.dat
2009-02-03 20:15 . 2009-02-03 20:15 2 --a------ C:\-257235269
2009-02-03 19:11 . 2009-02-14 18:30 24,576 --a------ c:\windows\system32\stu2.exe
2009-02-02 19:56 . 2009-02-06 21:04 d--hs---- c:\windows\TWlsbGllIFJvYg
2009-01-30 22:01 . 2009-01-30 22:01 d-------- c:\documents and settings\Millie\Application Data\alot
2009-01-28 23:17 . 2009-01-28 23:17 d-------- c:\documents and settings\User\Application Data\alot
2009-01-28 17:35 . 2009-02-05 07:58 d-------- c:\documents and settings\Robert\Application Data\alot
2009-01-24 16:25 . 2009-01-24 16:25 d-------- c:\program files\WebShow
2009-01-24 14:57 . 2009-01-24 14:59 dr-h----- c:\documents and settings\Millie\Application Data\yahoo!
2009-01-24 14:00 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-24 14:00 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-24 14:00 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-24 14:00 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-24 13:44 . 2009-01-24 13:45 d-------- c:\documents and settings\Robert\Application Data\Yahoo!
2009-01-24 13:44 . 2009-02-05 22:28 d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-24 13:41 . 2009-02-06 00:13 d-------- c:\program files\Yahoo!
2009-01-23 15:42 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-23 15:42 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-23 15:42 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 05:21 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-06 03:32 --------- d-----w c:\program files\Creative
2009-02-06 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-25 16:04 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
2008-12-31 22:01 --------- d-----w c:\documents and settings\User\Application Data\Creative
2008-12-31 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-31 21:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 00:20 --------- d-----w c:\documents and settings\Robert\Application Data\ATI
2008-12-06 03:53 784 ----a-w c:\documents and settings\User\Application Data\mpauth.dat
2008-09-03 01:02 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-14 32256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-14 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-14 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-11 1601304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-14 c:\windows\RTHDCPL.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 18:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nbqruocx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2009-02-14 18:44 32256 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2009-02-14 17:31 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-02-14 17:31 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
--a------ 2009-02-14 18:07 401408 c:\program files\Creative\Software Update 3\SoftAuto.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2009-02-14 17:30 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-24 13:40 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2009-02-14 18:21 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\User\\Desktop\\90install\\RELEASE\\Utilities\\Basic IRC.exe"=
"c:\\Documents and Settings\\User\\Desktop\\90install\\RELEASE\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R0 nbqruocx;nbqruocx;c:\windows\system32\drivers\nbqruocx.sys [2009-02-06 33920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-10 325128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-10 107272]
S1 ethoigwl;ethoigwl;c:\windows\system32\drivers\ethoigwl.sys [2009-02-11 137440]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-10 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-10 231704]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702836c9-a1fa-11dd-95b9-0017310f5f00}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-phnwfqzq.exe - c:\windows\phnwfqzq.exe
HKU-Default-Run-jrfryhtz.exe - c:\windows\jrfryhtz.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/forums/topic203015.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 19:27:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(332)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-14 19:30:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 00:30:24
ComboFix2.txt 2009-02-14 14:12:05

Pre-Run: 939,868,160 bytes free
Post-Run: 926,437,376 bytes free

243 --- E O F --- 2008-11-20 21:25:44


Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:20 PM, on 2/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/203015/trojan-and-rogue-software-on-my-pc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u1...ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - E:\Nexon\MapleStory\npkcmsvc.exe

--
End of file - 4453 bytes

#12 fenzodahl512


Posted 14 February 2009 - 11:37 PM

Hello.. Bad news for you... Dr.Web has detected Win32.Virut.56 and has failed to cure it successfully.. From your ComboFix log, it appears the computer needs to be wiped clean..

A quote from a malware expert (sUBs)

Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

If you do not know how to perform a fresh install, use this website > http://www.windowsreinstall.com/

Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.


Full reformat means formatting ALL partitions..


I'm sorry, we couldn't save your computer.. It needs to be wiped clean..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 gotuf33nin


Posted 15 February 2009 - 09:10 AM

It's ok, thank you for your patience and all of your help

#14 fenzodahl512


Posted 15 February 2009 - 11:21 AM

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512





