
Infected with trojan and Malware


  • This topic is locked
13 replies to this topic

#1 sanjuontario

sanjuontario

  • Members
  • 9 posts
  • Local time:02:34 PM

Posted 26 June 2010 - 08:08 PM

Had a trojan posing as an anti-virus...removed it with Malwarebytes. Now each time I google something it redirects me to a different web site I do not want. It also does this with Mozilla Firefox. It also tries to infect my computer when a new tab opens by itself but I just click it off. Really annoying and have run Malwarebytes many times to no results. Have CA Internet Security Suite, does not seem to work efficiently and just says it cleans what is infected but trojan still there but hidden. Need help to eliminate this problem, can not search something without worrying if my computer will get infected. Thanks for taking the time to read this.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 15:01:22.31 on Sat 06/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.293 [GMT -7:00]

AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\arservice.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\procexp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Compaq_Administrator.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Compaq_Administrator] c:\documents and settings\compaq_administrator\Compaq_Administrator.exe /i
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [<NO NAME>]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mExplorerRun: [mz1rs5] c:\windows\temp\dv72aw.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgetEngine.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277587170050
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\documents and settings\all users\application data\skype\plugins\plugins\d32d9abfbe354ac8a84f07c309c1e3af\Skype4COM.dll
Notify: PFW - UmxWnp.Dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-5 64160]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2010-6-4 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2010-6-4 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2010-6-4 746216]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2010-6-4 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2010-6-4 32240]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2010-6-4 144960]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 105472]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-5 1119888]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2010-6-4 238928]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-6-4 130280]
S0 cgjswqw;cgjswqw;c:\windows\system32\drivers\efmchacn.sys --> c:\windows\system32\drivers\efmchacn.sys [?]
S0 oxumlba;oxumlba;c:\windows\system32\drivers\djxmqoen.sys --> c:\windows\system32\drivers\djxmqoen.sys [?]
S4 duef;duef;c:\windows\system32\drivers\eggqjna.sys [2010-5-31 54016]
S4 ktqjfdyx;ktqjfdyx;c:\windows\system32\drivers\fesqeme.sys [2010-6-1 54016]
S4 olidx;olidx;c:\windows\system32\drivers\jajguq.sys [2010-6-4 54016]
S4 plyxg;plyxg;c:\windows\system32\drivers\wuoqey.sys [2010-6-4 54016]
S4 tpyveomt;tpyveomt;c:\windows\system32\drivers\bcwqyt.sys [2010-6-1 54016]
S4 uyje;uyje;c:\windows\system32\drivers\pelghgr.sys [2010-5-31 54016]
S4 vbaoecc;vbaoecc;c:\windows\system32\drivers\qgckvsfj.sys [2010-5-31 54016]
S4 vsnyal;vsnyal;c:\windows\system32\drivers\knli.sys [2010-6-4 54016]

=============== Created Last 30 ================

2010-06-26 21:57:20 0 ----a-w- c:\documents and settings\compaq_administrator\defogger_reenable
2010-06-26 02:06:34 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-06-26 02:06:19 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-06-26 02:06:19 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-06-26 02:06:14 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-06-26 02:06:14 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
2010-06-26 02:06:14 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-06-26 02:06:14 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-06-26 02:06:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-06-26 02:06:10 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-06-26 02:06:04 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-06-26 02:06:04 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-06-26 02:04:59 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2010-06-26 02:04:59 90624 ----a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-06-26 02:04:59 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-06-26 02:04:59 61952 ----a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-06-26 02:04:59 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-26 02:04:59 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-26 02:04:59 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-06-26 02:04:59 43008 ----a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-06-26 02:04:59 28672 ----a-w- c:\windows\system32\vidcap.ax
2010-06-26 02:04:59 28672 ----a-w- c:\windows\system32\dllcache\vidcap.ax
2010-06-23 00:13:40 54016 ----a-w- c:\windows\system32\drivers\xwfgbu.sys
2010-06-22 23:32:14 54016 ----a-w- c:\windows\system32\drivers\ekpeb.sys
2010-06-19 21:40:44 80384 ----a-w- c:\windows\system32\dllcache\charmap.exe
2010-06-19 21:40:44 80384 ----a-w- c:\windows\system32\charmap.exe
2010-06-19 21:39:27 131584 ----a-w- c:\windows\system32\sndrec32.exe
2010-06-19 21:39:27 131584 ----a-w- c:\windows\system32\dllcache\sndrec32.exe
2010-06-19 08:58:13 54016 ----a-w- c:\windows\system32\drivers\uxtdhhb.sys
2010-06-19 07:32:36 54016 ----a-w- c:\windows\system32\drivers\jamtkic.sys
2010-06-17 08:15:29 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-17 08:08:55 0 d-----w- c:\windows\LastGood(2)
2010-06-16 00:10:08 3066 ----a-w- c:\windows\system32\wstfkl
2010-06-15 22:52:05 223744 ----a-w- c:\windows\system32\OLD2.tmp
2010-06-15 18:32:13 1035264 ----a-w- c:\windows\OLDB.tmp
2010-06-07 04:02:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-07 03:55:22 0 d-----r- c:\program files\Skype
2010-06-05 00:14:22 54016 ----a-w- c:\windows\system32\drivers\jajguq.sys
2010-06-05 00:00:04 0 d-----w- c:\program files\Loaris
2010-06-04 20:43:11 54016 ----a-w- c:\windows\system32\drivers\knli.sys
2010-06-04 20:36:45 54016 ----a-w- c:\windows\system32\drivers\wuoqey.sys
2010-06-04 20:22:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 20:21:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 20:08:21 0 d-----w- c:\docume~1\compaq~1\applic~1\MSNInstaller
2010-06-04 17:09:36 88094 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-06-04 17:09:36 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-06-04 15:13:08 746216 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-06-04 15:13:08 130280 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-06-04 15:12:41 99592 ----a-w- c:\windows\system32\isafeif.dll
2010-06-04 15:12:41 79424 ----a-w- c:\windows\system32\vetredir.dll
2010-06-04 15:12:41 75016 ----a-w- c:\windows\system32\isafprod.dll
2010-06-04 15:12:41 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2010-06-04 15:12:41 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2010-06-04 15:12:41 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2010-06-04 15:12:41 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2010-06-04 15:12:25 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-06-04 15:12:24 0 d-----w- c:\program files\CA
2010-06-01 09:20:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-01 09:05:39 54016 ----a-w- c:\windows\system32\drivers\fesqeme.sys
2010-06-01 07:47:59 0 d-----w- c:\program files\CCleaner
2010-06-01 07:15:23 0 d-----w- c:\windows\system32\NtmsData
2010-06-01 07:00:32 54016 ----a-w- c:\windows\system32\drivers\bcwqyt.sys
2010-06-01 06:59:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-01 06:55:36 54016 ----a-w- c:\windows\system32\drivers\okgv.sys
2010-06-01 06:41:25 54016 ----a-w- c:\windows\system32\drivers\pelghgr.sys
2010-06-01 06:40:49 54016 ----a-w- c:\windows\system32\drivers\qgckvsfj.sys
2010-06-01 06:39:12 54016 ----a-w- c:\windows\system32\drivers\eggqjna.sys
2010-06-01 06:19:03 54016 ----a-w- c:\windows\system32\drivers\jvkap.sys
2010-05-31 08:31:19 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-05-31 08:31:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-31 08:31:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-26 15:34:44 505344 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-06-26 15:34:34 221184 ----a-w- c:\windows\system32\dllcache\wmiprvse.exe
2010-06-26 15:34:22 49152 ----a-w- c:\windows\system32\dllcache\wab.exe
2010-06-26 15:34:17 53248 ----a-w- c:\windows\system32\dllcache\utilman.exe
2010-06-26 15:34:15 27648 ----a-w- c:\windows\system32\dllcache\userinit.exe
2010-06-26 15:34:10 23040 ----a-w- c:\windows\system32\dllcache\unsecapp.exe
2010-06-26 15:34:07 17408 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-06-26 15:34:04 350208 ----a-w- c:\windows\system32\dllcache\tourstrt.exe
2010-06-26 15:34:01 36864 ----a-w- c:\windows\system32\dllcache\tcptest.exe
2010-06-26 15:32:56 89088 ----a-w- c:\windows\system32\dllcache\netsh.exe
2010-06-26 15:32:54 19456 ----a-w- c:\windows\system32\dllcache\quser.exe
2010-06-26 15:32:53 12800 ----a-w- c:\windows\system32\dllcache\query.exe
2010-06-26 15:32:43 218624 ----a-w- c:\windows\system32\dllcache\osk.exe
2010-06-26 15:32:30 422912 ----a-w- c:\windows\system32\dllcache\ntvdm.exe
2010-06-26 15:32:15 56832 ----a-w- c:\windows\system32\dllcache\narrator.exe
2010-06-26 15:31:58 44032 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2010-06-26 15:31:57 63488 ----a-w- c:\windows\system32\dllcache\msimn.exe
2010-06-26 15:31:37 7680 ----a-w- c:\windows\system32\dllcache\mplayer2.exe
2010-06-26 15:31:37 25088 ----a-w- c:\windows\system32\dllcache\mpnotify.exe
2010-06-26 15:31:32 146432 ----a-w- c:\windows\system32\dllcache\mobsync.exe
2010-06-26 15:31:26 246272 ----a-w- c:\windows\system32\dllcache\migwiz.exe
2010-06-26 15:31:26 10752 ----a-w- c:\windows\system32\dllcache\migregdb.exe
2010-06-26 15:31:24 37376 ----a-w- c:\windows\system32\dllcache\migisol.exe
2010-06-26 15:31:19 75776 ----a-w- c:\windows\system32\dllcache\magnify.exe
2010-06-26 15:31:17 16384 ----a-w- c:\windows\system32\dllcache\lsass.exe
2010-06-26 15:31:14 517632 ----a-w- c:\windows\system32\dllcache\logonui.exe
2010-06-26 15:29:59 49664 ----a-w- c:\windows\system32\dllcache\ehmsas.exe
2010-06-26 15:28:59 17408 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2010-06-26 15:28:54 47616 ----a-w- c:\windows\system32\dllcache\alg.exe
2010-06-26 15:28:46 20480 ----a-w- c:\windows\system32\dllcache\admin.exe
2010-06-26 15:28:45 26112 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2010-06-26 14:55:54 66560 ----a-w- c:\windows\system32\dllcache\medctrro.exe
2010-06-26 14:55:10 312832 ----a-w- c:\windows\IsUninst.exe
2010-06-26 14:55:02 2165760 ----a-w- c:\windows\MicCal.exe
2010-06-26 14:55:01 29184 ----a-w- c:\windows\kb913800.exe
2010-06-26 14:54:59 2818048 ----a-w- c:\windows\ALCWZRD.EXE
2010-06-26 14:54:57 74240 ----a-w- c:\windows\agrsmdel.exe
2010-06-26 14:54:56 94208 -c--a-w- c:\windows\unvise32qt.exe
2010-06-26 14:54:53 94208 ----a-w- c:\windows\SOUNDMAN.EXE
2010-06-26 14:54:51 368640 ----a-w- c:\windows\RtlUpd.exe
2010-06-26 14:54:49 9720320 ----a-w- c:\windows\RTLCPL.EXE
2010-06-26 14:54:40 126976 ----a-w- c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
2010-06-24 02:38:40 138752 ----a-w- c:\windows\system32\taskmgr.exe
2010-06-24 01:39:20 223744 ----a-w- c:\windows\system32\logon.scr.tmp
2010-06-23 03:28:32 45568 ----a-w- c:\windows\system32\rundll32.exe
2010-06-23 03:28:23 359424 ----a-w- c:\windows\system32\tourstart.exe
2010-06-23 03:28:22 81408 ----a-w- c:\windows\system32\notepad.exe
2010-06-23 03:28:22 397824 ----a-w- c:\windows\system32\cmd.exe
2010-06-23 03:28:22 152576 ----a-w- c:\windows\system32\mobsync.exe
2010-06-23 03:28:21 45056 ----a-w- c:\windows\system32\rcimlby.exe
2010-06-23 03:28:20 62976 ----a-w- c:\windows\system32\narrator.exe
2010-06-23 03:28:20 59392 ----a-w- c:\windows\system32\utilman.exe
2010-06-23 03:28:20 224768 ----a-w- c:\windows\system32\osk.exe
2010-06-23 03:28:19 81920 ----a-w- c:\windows\system32\magnify.exe
2010-06-21 20:24:42 34304 ---ha-w- c:\documents and settings\compaq_administrator\Compaq_Administrator.exe
2010-06-20 20:01:26 4402688 ----a-w- c:\windows\system32\wpgldfsh.scr
2010-06-20 20:00:44 299520 ----a-w- c:\windows\system32\WISPTIS.EXE
2010-06-20 19:59:55 53248 ----a-w- c:\windows\system32\uwdf.exe
2010-06-20 19:59:09 81408 ----a-w- c:\windows\system32\dllcache\telnet.exe
2010-06-20 19:59:02 81408 ----a-w- c:\windows\system32\telnet.exe
2010-06-20 19:58:50 21504 ----a-w- c:\windows\system32\taskman.exe
2010-06-20 19:57:48 17920 ----a-w- c:\windows\system32\dllcache\spnpinst.exe
2010-06-20 19:57:42 17920 ----a-w- c:\windows\system32\spnpinst.exe
2010-06-20 19:54:21 184320 ----a-w- c:\windows\system32\nvunrm.exe
2010-06-20 19:54:21 184320 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-20 19:54:02 1347584 ----a-w- c:\windows\system32\nvdspsch.exe
2010-06-20 19:53:59 155648 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-20 19:53:57 450560 ----a-w- c:\windows\system32\nvappbar.exe
2010-06-20 19:53:56 37888 ----a-w- c:\windows\system32\dllcache\ntsd.exe
2010-06-20 19:53:50 37888 ----a-w- c:\windows\system32\ntsd.exe
2010-06-20 19:53:30 43008 ----a-w- c:\windows\system32\dllcache\netstat.exe
2010-06-20 19:53:29 337920 ----a-w- c:\windows\system32\dllcache\netsetup.exe
2010-06-20 19:53:24 43008 ----a-w- c:\windows\system32\netstat.exe
2010-06-20 19:53:21 337920 ----a-w- c:\windows\system32\netsetup.exe
2010-06-20 19:53:02 3349504 ----a-w- c:\windows\system32\nature.scr
2010-06-20 19:53:00 1748480 ----a-w- c:\windows\system32\mypixdx.scr
2010-06-20 19:49:40 21504 ----a-w- c:\windows\system32\dllcache\logoff.exe
2010-06-20 19:49:39 65536 ----a-w- c:\windows\system32\dllcache\logman.exe
2010-06-20 19:49:38 102912 ----a-w- c:\windows\system32\dllcache\logagent.exe
2010-06-20 19:49:35 21504 ----a-w- c:\windows\system32\logoff.exe
2010-06-20 19:49:33 65536 ----a-w- c:\windows\system32\logman.exe
2010-06-20 19:49:32 102912 ----a-w- c:\windows\system32\logagent.exe
2010-06-20 19:49:02 434176 ----a-w- c:\windows\system32\keystone.exe
2010-06-20 19:47:32 68096 ----a-w- c:\windows\system32\HdAShCut.exe
2010-06-20 19:45:28 22016 ----a-w- c:\windows\system32\dllcache\expand.exe
2010-06-20 19:45:22 22016 ----a-w- c:\windows\system32\expand.exe
2010-06-20 19:43:05 5074944 ----a-w- c:\windows\system32\davinci.scr
2010-06-20 19:39:07 28672 ----a-w- c:\windows\system32\cliconfg.exe
2010-06-20 19:38:47 57856 ----a-w- c:\windows\system32\migpwd.exe
2010-06-20 19:38:02 40960 ----a-w- c:\windows\system32\9575.exe
2010-06-20 19:38:01 45056 ----a-w- c:\windows\system32\2497.exe
2010-06-20 18:52:28 77824 ----a-w- c:\windows\ALCMTR.EXE
2010-06-19 22:03:57 712704 ----a-w- C:\StubInstaller.exe
2010-06-19 21:39:49 81920 ----a-w- c:\windows\system32\dllcache\wmplayer.exe
2010-06-19 21:37:44 45056 ----a-w- c:\windows\system32\wdfmgr.exe
2010-06-19 21:33:08 152576 ----a-w- c:\windows\regedit.exe
2010-06-19 21:33:07 50688 ----a-w- c:\windows\system32\alg.exe
2010-06-19 21:33:05 139264 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-19 21:33:01 65024 ----a-w- c:\windows\arservice.exe
2010-06-19 21:33:00 64000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 15:05:52.68 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:34 PM

Posted 01 July 2010 - 05:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

You are a victim of the TDL3 rootkit.

Please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#3 sanjuontario

sanjuontario
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:34 PM

Posted 02 July 2010 - 02:40 AM

Hi m0le,
I really appreciate your help. I followed your instructions and I disabled my AntiVirus and AntiSpyware applications, then ran ComboFix. Here is the ComboFix log.

ComboFix 10-07-01.02 - Compaq_Administrator 07/01/2010 23:50:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.644 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\comfix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Compaq_Administrator.exe
c:\documents and settings\Compaq_Administrator\My Documents\cc_20100621_134131.reg
C:\Thumbs.db
c:\windows\ALCMTR.EXE
c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\SC.INS
c:\windows\system32\2497.exe
c:\windows\system32\9575.exe
c:\windows\system32\drivers\bcwqyt.sys
c:\windows\system32\drivers\eggqjna.sys
c:\windows\system32\drivers\fesqeme.sys
c:\windows\system32\drivers\jajguq.sys
c:\windows\system32\drivers\knli.sys
c:\windows\system32\drivers\pelghgr.sys
c:\windows\system32\drivers\qgckvsfj.sys
c:\windows\system32\drivers\wuoqey.sys
c:\windows\system32\Install.txt
c:\windows\system32\sarz8z.log
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_TCPPID
-------\Legacy_duef
-------\Legacy_ktqjfdyx
-------\Legacy_olidx
-------\Legacy_plyxg
-------\Legacy_tpyveomt
-------\Legacy_uyje
-------\Legacy_vbaoecc
-------\Legacy_vsnyal
-------\Service_duef
-------\Service_ktqjfdyx
-------\Service_olidx
-------\Service_plyxg
-------\Service_tpyveomt
-------\Service_uyje
-------\Service_vbaoecc
-------\Service_vsnyal


((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-06-26 02:06 . 2004-08-04 05:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-06-26 02:06 . 2004-08-04 06:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-06-26 02:06 . 2004-08-04 06:10 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-06-26 02:06 . 2004-08-04 06:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-06-26 02:06 . 2004-08-04 06:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-06-26 02:06 . 2004-08-04 06:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-06-26 02:06 . 2004-08-04 06:10 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-06-26 02:06 . 2004-08-04 06:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-06-26 02:06 . 2004-08-04 06:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-06-26 02:04 . 2004-08-04 07:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-26 02:04 . 2004-08-04 07:56 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-23 00:13 . 2010-06-23 00:13 54016 ----a-w- c:\windows\system32\drivers\xwfgbu.sys
2010-06-22 23:32 . 2010-06-22 23:32 54016 ----a-w- c:\windows\system32\drivers\ekpeb.sys
2010-06-20 00:23 . 2010-06-20 00:23 -------- d-----w- c:\program files\NOS
2010-06-19 21:40 . 2004-08-09 21:00 80384 ----a-w- c:\windows\system32\dllcache\charmap.exe
2010-06-19 21:40 . 2004-08-09 21:00 80384 ----a-w- c:\windows\system32\charmap.exe
2010-06-19 21:39 . 2004-08-09 21:00 131584 ----a-w- c:\windows\system32\sndrec32.exe
2010-06-19 21:39 . 2004-08-09 21:00 131584 ----a-w- c:\windows\system32\dllcache\sndrec32.exe
2010-06-19 08:58 . 2010-06-19 08:58 54016 ----a-w- c:\windows\system32\drivers\uxtdhhb.sys
2010-06-19 07:32 . 2010-06-19 07:32 54016 ----a-w- c:\windows\system32\drivers\jamtkic.sys
2010-06-17 08:15 . 2010-06-17 08:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-17 08:08 . 2010-06-22 23:32 -------- d-----w- c:\windows\LastGood(2)
2010-06-17 07:55 . 2010-06-17 07:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AOL
2010-06-07 04:02 . 2010-06-07 04:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-07 04:02 . 2010-07-01 07:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2010-06-07 03:57 . 2010-07-01 07:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Skype
2010-06-07 03:55 . 2010-06-07 03:55 -------- d-----w- c:\program files\Common Files\Skype
2010-06-07 03:55 . 2010-06-07 03:56 -------- d-----r- c:\program files\Skype
2010-06-07 03:55 . 2010-06-07 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-05 00:00 . 2010-06-05 00:00 -------- d-----w- c:\program files\Loaris
2010-06-04 20:22 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 20:21 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 20:08 . 2010-06-04 20:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\MSNInstaller
2010-06-04 15:13 . 2010-06-17 20:02 746216 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-06-04 15:13 . 2010-06-17 20:02 130280 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-06-04 15:12 . 2010-06-04 15:13 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2010-06-04 15:12 . 2010-06-04 15:13 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2010-06-04 15:12 . 2010-06-04 15:13 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2010-06-04 15:12 . 2010-06-04 15:13 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2010-06-04 15:12 . 2007-08-20 20:37 75016 ----a-w- c:\windows\system32\isafprod.dll
2010-06-04 15:12 . 2007-08-20 20:37 99592 ----a-w- c:\windows\system32\isafeif.dll
2010-06-04 15:12 . 2007-08-20 20:26 79424 ----a-w- c:\windows\system32\vetredir.dll
2010-06-04 15:12 . 2010-06-17 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-06-04 15:12 . 2010-06-04 15:20 -------- d-----w- c:\program files\CA
2010-06-03 20:08 . 2010-06-04 01:30 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\pdgdsgkbf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 07:11 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-07-02 07:06 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-07-02 07:06 . 2010-06-04 17:09 258074 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-07-01 09:45 . 2010-06-01 09:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 10:49 . 2010-06-30 10:41 7631232 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-06-30 07:28 . 2006-05-05 10:07 -------- d-----w- c:\program files\Common Files\Real
2010-06-30 07:14 . 2009-10-05 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-26 15:49 . 2006-05-05 10:26 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-06-26 15:48 . 2006-05-05 10:26 47104 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-06-26 15:48 . 2010-05-22 04:00 747008 ----a-w- c:\windows\pchealth\helpctr\binaries\OLD4.tmp
2010-06-26 14:59 . 2006-05-05 09:57 57344 ----a-w- c:\windows\Help\SBSI\Training\usersid.exe
2010-06-26 14:59 . 2006-05-05 09:57 237568 ----a-w- c:\windows\Help\SBSI\Training\ounins32_s.exe
2010-06-26 14:55 . 2006-05-05 09:57 312832 ----a-w- c:\windows\IsUninst.exe
2010-06-26 14:55 . 2006-05-05 09:56 2165760 ----a-w- c:\windows\MicCal.exe
2010-06-26 14:55 . 2006-08-29 03:35 29184 ----a-w- c:\windows\kb913800.exe
2010-06-26 14:54 . 2006-05-05 09:56 2818048 ----a-w- c:\windows\ALCWZRD.EXE
2010-06-26 14:54 . 2006-05-05 09:59 74240 ----a-w- c:\windows\agrsmdel.exe
2010-06-26 14:54 . 2006-08-31 03:56 94208 -c--a-w- c:\windows\unvise32qt.exe
2010-06-26 14:54 . 2006-05-05 09:56 94208 ----a-w- c:\windows\SOUNDMAN.EXE
2010-06-26 14:54 . 2006-05-05 09:56 368640 ----a-w- c:\windows\RtlUpd.exe
2010-06-26 14:54 . 2006-05-05 09:56 9720320 ----a-w- c:\windows\RTLCPL.EXE
2010-06-26 14:54 . 2006-05-05 10:24 126976 ----a-w- c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
2010-06-24 04:47 . 2010-06-24 04:47 705536 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Mikogo.exe
2010-06-24 04:47 . 2010-06-24 04:47 471040 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\MikogoSkypeExtra.exe
2010-06-24 04:47 . 2010-06-24 04:47 1828440 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
2010-06-24 02:38 . 2004-08-10 04:00 138752 ----a-w- c:\windows\system32\taskmgr.exe
2010-06-24 01:39 . 2004-08-10 04:00 223744 ----a-w- c:\windows\system32\logon.scr.tmp
2010-06-23 03:33 . 2006-05-05 09:57 1093632 ----a-w- c:\windows\Help\SBSI\Training\orun32.exe
2010-06-23 03:28 . 2004-08-10 04:00 45568 ----a-w- c:\windows\system32\rundll32.exe
2010-06-23 03:28 . 2004-08-10 11:00 359424 ----a-w- c:\windows\system32\tourstart.exe
2010-06-23 03:28 . 2004-08-10 04:00 81408 ----a-w- c:\windows\system32\notepad.exe
2010-06-23 03:28 . 2004-08-10 04:00 397824 ----a-w- c:\windows\system32\cmd.exe
2010-06-23 03:28 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\mobsync.exe
2010-06-23 03:28 . 2007-04-13 22:01 40448 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{9CCE527D-356F-41A8-9718-77A68AC065FB}\Icon9CCE527D.exe
2010-06-23 03:28 . 2004-08-10 04:00 45056 ----a-w- c:\windows\system32\rcimlby.exe
2010-06-23 03:28 . 2004-08-10 04:00 62976 ----a-w- c:\windows\system32\narrator.exe
2010-06-23 03:28 . 2004-08-10 04:00 59392 ----a-w- c:\windows\system32\utilman.exe
2010-06-23 03:28 . 2004-08-10 04:00 224768 ----a-w- c:\windows\system32\osk.exe
2010-06-23 03:28 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\magnify.exe
2010-06-20 20:01 . 2004-08-10 09:43 4402688 ----a-w- c:\windows\system32\wpgldfsh.scr
2010-06-20 20:00 . 2006-10-26 21:45 299520 ----a-w- c:\windows\system32\WISPTIS.EXE
2010-06-20 19:59 . 2004-08-10 04:00 53248 ----a-w- c:\windows\system32\uwdf.exe
2010-06-20 19:59 . 2004-08-10 11:00 81408 ----a-w- c:\windows\system32\telnet.exe
2010-06-20 19:58 . 2004-08-10 04:00 21504 ----a-w- c:\windows\system32\taskman.exe
2010-06-20 19:57 . 2004-08-10 11:00 17920 ----a-w- c:\windows\system32\spnpinst.exe
2010-06-20 19:55 . 2009-02-28 02:32 2256896 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\49a8a2400\Music\LinksysConnectPC.exe
2010-06-20 19:55 . 2007-09-22 22:25 3506176 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-06-20 19:55 . 2007-09-22 22:28 122880 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\cleanup.exe
2010-06-20 19:54 . 2006-05-05 09:59 184320 ----a-w- c:\windows\system32\nvunrm.exe
2010-06-20 19:54 . 2006-05-05 09:59 184320 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-20 19:54 . 2006-05-05 09:59 1347584 ----a-w- c:\windows\system32\nvdspsch.exe
2010-06-20 19:53 . 2006-05-05 09:59 155648 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-20 19:53 . 2006-05-05 09:59 450560 ----a-w- c:\windows\system32\nvappbar.exe
2010-06-20 19:53 . 2004-08-10 11:00 37888 ----a-w- c:\windows\system32\ntsd.exe
2010-06-20 19:53 . 2004-08-10 04:00 43008 ----a-w- c:\windows\system32\netstat.exe
2010-06-20 19:53 . 2004-08-10 11:00 337920 ----a-w- c:\windows\system32\netsetup.exe
2010-06-20 19:53 . 2004-08-10 09:43 3349504 ----a-w- c:\windows\system32\nature.scr
2010-06-20 19:53 . 2004-08-10 09:43 1748480 ----a-w- c:\windows\system32\mypixdx.scr
2010-06-20 19:49 . 2004-08-10 04:00 21504 ----a-w- c:\windows\system32\logoff.exe
2010-06-20 19:49 . 2004-08-10 04:00 65536 ----a-w- c:\windows\system32\logman.exe
2010-06-20 19:49 . 2004-08-10 04:00 102912 ----a-w- c:\windows\system32\logagent.exe
2010-06-20 19:49 . 2006-05-05 09:59 434176 ----a-w- c:\windows\system32\keystone.exe
2010-06-20 19:47 . 2005-01-08 07:07 68096 ----a-w- c:\windows\system32\HdAShCut.exe
2010-06-20 19:45 . 2004-08-10 11:00 22016 ----a-w- c:\windows\system32\expand.exe
2010-06-20 19:43 . 2004-08-10 09:43 5074944 ----a-w- c:\windows\system32\davinci.scr
2010-06-20 19:39 . 2004-08-10 04:00 28672 ----a-w- c:\windows\system32\cliconfg.exe
2010-06-20 19:38 . 2004-08-10 04:00 57856 ----a-w- c:\windows\system32\migpwd.exe
2010-06-20 19:36 . 2009-06-28 20:59 98304 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-20 19:32 . 2006-05-05 10:44 118784 ----a-w- c:\documents and settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe
2010-06-20 19:29 . 2007-09-08 18:17 65536 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASPA5A.tmp\aspapp\sunsetAsp.exe
2010-06-20 00:26 . 2009-06-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-19 22:03 . 2005-10-31 15:56 712704 ----a-w- C:\StubInstaller.exe
2010-06-19 21:37 . 2004-08-10 04:00 45056 ----a-w- c:\windows\system32\wdfmgr.exe
2010-06-19 21:33 . 2004-08-10 11:00 152576 ----a-w- c:\windows\regedit.exe
2010-06-19 21:33 . 2004-08-10 04:00 50688 ----a-w- c:\windows\system32\alg.exe
2010-06-19 21:33 . 2006-05-05 09:59 139264 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-19 21:33 . 2005-08-03 06:19 65024 ----a-w- c:\windows\arservice.exe
2010-06-19 21:33 . 2004-08-10 04:00 64000 ----a-w- c:\windows\system32\spoolsv.exe
2010-06-19 21:32 . 2004-08-10 04:00 520704 ----a-w- c:\windows\system32\logonui.exe
2010-06-19 21:32 . 2004-08-10 04:00 28160 ----a-w- c:\windows\system32\mpnotify.exe
2010-06-19 21:32 . 2004-08-10 04:00 156160 ----a-w- c:\windows\system32\imapi.exe
2010-06-19 21:32 . 2006-05-05 09:59 1527808 ----a-w- c:\windows\system32\nwiz.exe
2010-06-19 21:32 . 2006-05-05 09:56 16017920 ----a-w- c:\windows\RTHDCPL.EXE
2010-06-19 21:32 . 2005-08-03 06:19 83456 ----a-w- c:\windows\arpwrmsg.exe
2010-06-19 21:32 . 2004-08-10 04:00 30720 ----a-w- c:\windows\system32\userinit.exe
2010-06-19 21:32 . 2004-08-10 04:00 425984 ----a-w- c:\windows\system32\ntvdm.exe
2010-06-19 00:31 . 2007-03-22 23:59 1636 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2010-06-17 20:02 . 2010-06-17 08:50 1561896 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2010-06-17 08:17 . 2006-05-05 10:14 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-06-16 07:59 . 2004-08-10 04:00 19968 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2010-06-16 07:59 . 2004-08-10 04:00 221184 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2010-06-16 07:59 . 2004-08-10 04:00 18432 ----a-w- c:\windows\system32\ctfmon.exe
2010-06-16 07:58 . 2004-08-10 04:00 1035264 ----a-w- c:\windows\explorer.exe
2010-06-16 01:12 . 2004-08-10 04:00 184320 ----a-w- c:\windows\system32\dwwin.exe.tmp
.

------- Sigcheck -------

[-] 2010-06-26 . 2CDF9A0307F43C7F43EE9CAB08896F16 . 60928 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2010-06-26 . 84764F6CBE19C26EA295968874542734 . 60928 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2010-06-26 . 21A16ABFD3C93B6AA5AA7BFF7B3945C0 . 60928 . . [5.1.2600.2696] . . c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
[-] 2010-06-26 . B94EAC1190CE53942A01384AC689D5DD . 60928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2010-06-19 . 502E569F147F5E49E5E2B4660C8172C7 . 64000 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe

[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2010-06-26 . 68AE373BAC6BB8C22C97D361358B54BD . 27648 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
[-] 2010-06-26 . D96BC40C367DBBE1B758952CD9DFC6EF . 29184 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2010-06-19 . 39EB9CD6AD503CB6325B54F60D91C351 . 30720 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2010-06-26 . 9BDA8DD4C33C620608C4B3B9359C9C1D . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2010-06-26 . 00BA6785CA55DBBDBD5B162FF8F62C99 . 1038336 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
[-] 2010-06-26 . C946A20B1EAD9D561DC1C4466631874C . 1036800 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2010-06-26 . 661B8CD1A72ED760285508EDB5D060CB . 1036288 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2010-06-16 . E672642A91C389A24EDF23703A205926 . 1035264 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2010-06-26 . 621383E2BD2FDA7F88B6E08E4B11EB6E . 18432 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2010-06-26 . 0B238F23796727A62CD27EC418ACF1FD . 18432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2010-06-16 . 01EC54DB16AD4378ED49E927F5CC8940 . 18432 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DISCover"="c:\program files\DISC\DISCover.exe" [2010-06-19 1085440]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2010-06-19 69632]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-06-19 258048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2010-06-19 57344]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2010-06-04 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-06-04 226640]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2010-06-17 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2010-06-17 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2010-06-17 259312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 20:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-28 21:28 50776 ----a-w- c:\progra~1\AMERIC~1.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
2010-06-26 13:10 61440 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S0 cgjswqw;cgjswqw;c:\windows\system32\drivers\efmchacn.sys --> c:\windows\system32\drivers\efmchacn.sys [?]
S0 oxumlba;oxumlba;c:\windows\system32\drivers\djxmqoen.sys --> c:\windows\system32\drivers\djxmqoen.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\CAAntiSpywareScan_Daily as Compaq_Administrator at 8 20 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 04:10]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233539365-3759977510-1815402281-1008Core.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 08:00]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233539365-3759977510-1815402281-1008UA.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 08:00]

2010-06-26 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-02-05 19:13]

2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{5206AC68-9D6F-4198-A695-035A966C38BE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 05:05]

2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{DB819CD8-5E3E-41A5-B468-9F266454B1D4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 05:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 00:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3062419294-3471478182-609678563-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2860)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\arservice.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2010-07-02 00:19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-02 07:19

Pre-Run: 203,328,151,552 bytes free
Post-Run: 208,292,937,728 bytes free

- - End Of File - - 88E2942804F5B55B187B152B4EB0F7A1


#4 m0le

  • Malware Response Team

Posted 02 July 2010 - 05:25 PM

There's still some serious infection here. Please rerun ComboFix in the manner shown below.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
File::
c:\windows\system32\drivers\xwfgbu.sys
c:\windows\system32\drivers\ekpeb.sys
c:\windows\system32\drivers\uxtdhhb.sys
c:\windows\system32\drivers\jamtkic.sys
c:\windows\system32\drivers\efmchacn.sys
c:\windows\system32\drivers\djxmqoen.sys

Folder::
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\pdgdsgkbf

Driver::
xwfgbu
ekpeb
uxtdhhb
jamtkic
cgjswqw
oxumlba

RegLock::
[HKEY_USERS\S-1-5-21-3062419294-3471478182-609678563-1008\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#5 sanjuontario

  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:34 PM

Posted 05 July 2010 - 02:20 AM

Dragged the script and here is the log.

ComboFix 10-07-04.02 - Compaq_Administrator 07/04/2010 23:38:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.482 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\system32\drivers\djxmqoen.sys"
"c:\windows\system32\drivers\efmchacn.sys"
"c:\windows\system32\drivers\ekpeb.sys"
"c:\windows\system32\drivers\jamtkic.sys"
"c:\windows\system32\drivers\uxtdhhb.sys"
"c:\windows\system32\drivers\xwfgbu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\pdgdsgkbf
c:\windows\system32\drivers\ekpeb.sys
c:\windows\system32\drivers\jamtkic.sys
c:\windows\system32\drivers\uxtdhhb.sys
c:\windows\system32\drivers\xwfgbu.sys

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OXUMLBA
-------\Service_cgjswqw
-------\Service_oxumlba


((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-06-26 02:06 . 2004-08-04 05:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-06-26 02:06 . 2004-08-04 06:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-06-26 02:06 . 2004-08-04 06:10 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-06-26 02:06 . 2004-08-04 06:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-06-26 02:06 . 2004-08-04 06:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-06-26 02:06 . 2004-08-04 06:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-06-26 02:06 . 2004-08-04 06:10 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-06-26 02:06 . 2004-08-04 06:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-06-26 02:06 . 2004-08-04 06:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-06-26 02:04 . 2004-08-04 07:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-26 02:04 . 2004-08-04 07:56 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-20 00:23 . 2010-06-20 00:23 -------- d-----w- c:\program files\NOS
2010-06-19 21:40 . 2004-08-09 21:00 80384 ----a-w- c:\windows\system32\dllcache\charmap.exe
2010-06-19 21:40 . 2004-08-09 21:00 80384 ----a-w- c:\windows\system32\charmap.exe
2010-06-19 21:39 . 2004-08-09 21:00 131584 ----a-w- c:\windows\system32\sndrec32.exe
2010-06-19 21:39 . 2004-08-09 21:00 131584 ----a-w- c:\windows\system32\dllcache\sndrec32.exe
2010-06-17 08:15 . 2010-06-17 08:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-17 08:08 . 2010-06-22 23:32 -------- d-----w- c:\windows\LastGood(2)
2010-06-17 07:55 . 2010-06-17 07:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AOL
2010-06-07 04:02 . 2010-06-07 04:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-07 04:02 . 2010-07-01 07:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2010-06-07 03:57 . 2010-07-01 07:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Skype
2010-06-07 03:55 . 2010-06-07 03:55 -------- d-----w- c:\program files\Common Files\Skype
2010-06-07 03:55 . 2010-06-07 03:56 -------- d-----r- c:\program files\Skype
2010-06-07 03:55 . 2010-06-07 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 06:56 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-07-05 06:51 . 2010-06-04 17:09 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-07-05 06:51 . 2010-06-04 17:09 261138 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-07-01 09:45 . 2010-06-01 09:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 10:49 . 2010-06-30 10:41 7631232 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-06-30 07:28 . 2006-05-05 10:07 -------- d-----w- c:\program files\Common Files\Real
2010-06-30 07:14 . 2009-10-05 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-26 15:49 . 2006-05-05 10:26 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-06-26 15:48 . 2006-05-05 10:26 47104 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-06-26 15:48 . 2010-05-22 04:00 747008 ----a-w- c:\windows\pchealth\helpctr\binaries\OLD4.tmp
2010-06-26 14:59 . 2006-05-05 09:57 57344 ----a-w- c:\windows\Help\SBSI\Training\usersid.exe
2010-06-26 14:59 . 2006-05-05 09:57 237568 ----a-w- c:\windows\Help\SBSI\Training\ounins32_s.exe
2010-06-26 14:55 . 2006-05-05 09:57 312832 ----a-w- c:\windows\IsUninst.exe
2010-06-26 14:55 . 2006-05-05 09:56 2165760 ----a-w- c:\windows\MicCal.exe
2010-06-26 14:55 . 2006-08-29 03:35 29184 ----a-w- c:\windows\kb913800.exe
2010-06-26 14:54 . 2006-05-05 09:56 2818048 ----a-w- c:\windows\ALCWZRD.EXE
2010-06-26 14:54 . 2006-05-05 09:59 74240 ----a-w- c:\windows\agrsmdel.exe
2010-06-26 14:54 . 2006-08-31 03:56 94208 -c--a-w- c:\windows\unvise32qt.exe
2010-06-26 14:54 . 2006-05-05 09:56 94208 ----a-w- c:\windows\SOUNDMAN.EXE
2010-06-26 14:54 . 2006-05-05 09:56 368640 ----a-w- c:\windows\RtlUpd.exe
2010-06-26 14:54 . 2006-05-05 09:56 9720320 ----a-w- c:\windows\RTLCPL.EXE
2010-06-26 14:54 . 2006-05-05 10:24 126976 ----a-w- c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
2010-06-24 04:47 . 2010-06-24 04:47 705536 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Mikogo.exe
2010-06-24 04:47 . 2010-06-24 04:47 471040 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\MikogoSkypeExtra.exe
2010-06-24 04:47 . 2010-06-24 04:47 1828440 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
2010-06-24 02:38 . 2004-08-10 04:00 138752 ----a-w- c:\windows\system32\taskmgr.exe
2010-06-24 01:39 . 2004-08-10 04:00 223744 ----a-w- c:\windows\system32\logon.scr.tmp
2010-06-23 03:33 . 2006-05-05 09:57 1093632 ----a-w- c:\windows\Help\SBSI\Training\orun32.exe
2010-06-23 03:28 . 2004-08-10 04:00 45568 ----a-w- c:\windows\system32\rundll32.exe
2010-06-23 03:28 . 2004-08-10 11:00 359424 ----a-w- c:\windows\system32\tourstart.exe
2010-06-23 03:28 . 2004-08-10 04:00 81408 ----a-w- c:\windows\system32\notepad.exe
2010-06-23 03:28 . 2004-08-10 04:00 397824 ----a-w- c:\windows\system32\cmd.exe
2010-06-23 03:28 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\mobsync.exe
2010-06-23 03:28 . 2007-04-13 22:01 40448 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{9CCE527D-356F-41A8-9718-77A68AC065FB}\Icon9CCE527D.exe
2010-06-23 03:28 . 2004-08-10 04:00 45056 ----a-w- c:\windows\system32\rcimlby.exe
2010-06-23 03:28 . 2004-08-10 04:00 62976 ----a-w- c:\windows\system32\narrator.exe
2010-06-23 03:28 . 2004-08-10 04:00 59392 ----a-w- c:\windows\system32\utilman.exe
2010-06-23 03:28 . 2004-08-10 04:00 224768 ----a-w- c:\windows\system32\osk.exe
2010-06-23 03:28 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\magnify.exe
2010-06-20 20:01 . 2004-08-10 09:43 4402688 ----a-w- c:\windows\system32\wpgldfsh.scr
2010-06-20 20:00 . 2006-10-26 21:45 299520 ----a-w- c:\windows\system32\WISPTIS.EXE
2010-06-20 19:59 . 2004-08-10 04:00 53248 ----a-w- c:\windows\system32\uwdf.exe
2010-06-20 19:59 . 2004-08-10 11:00 81408 ----a-w- c:\windows\system32\telnet.exe
2010-06-20 19:58 . 2004-08-10 04:00 21504 ----a-w- c:\windows\system32\taskman.exe
2010-06-20 19:57 . 2004-08-10 11:00 17920 ----a-w- c:\windows\system32\spnpinst.exe
2010-06-20 19:55 . 2009-02-28 02:32 2256896 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\49a8a2400\Music\LinksysConnectPC.exe
2010-06-20 19:55 . 2007-09-22 22:25 3506176 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-06-20 19:55 . 2007-09-22 22:28 122880 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\cleanup.exe
2010-06-20 19:54 . 2006-05-05 09:59 184320 ----a-w- c:\windows\system32\nvunrm.exe
2010-06-20 19:54 . 2006-05-05 09:59 184320 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-20 19:54 . 2006-05-05 09:59 1347584 ----a-w- c:\windows\system32\nvdspsch.exe
2010-06-20 19:53 . 2006-05-05 09:59 155648 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-20 19:53 . 2006-05-05 09:59 450560 ----a-w- c:\windows\system32\nvappbar.exe
2010-06-20 19:53 . 2004-08-10 11:00 37888 ----a-w- c:\windows\system32\ntsd.exe
2010-06-20 19:53 . 2004-08-10 04:00 43008 ----a-w- c:\windows\system32\netstat.exe
2010-06-20 19:53 . 2004-08-10 11:00 337920 ----a-w- c:\windows\system32\netsetup.exe
2010-06-20 19:53 . 2004-08-10 09:43 3349504 ----a-w- c:\windows\system32\nature.scr
2010-06-20 19:53 . 2004-08-10 09:43 1748480 ----a-w- c:\windows\system32\mypixdx.scr
2010-06-20 19:49 . 2004-08-10 04:00 21504 ----a-w- c:\windows\system32\logoff.exe
2010-06-20 19:49 . 2004-08-10 04:00 65536 ----a-w- c:\windows\system32\logman.exe
2010-06-20 19:49 . 2004-08-10 04:00 102912 ----a-w- c:\windows\system32\logagent.exe
2010-06-20 19:49 . 2006-05-05 09:59 434176 ----a-w- c:\windows\system32\keystone.exe
2010-06-20 19:47 . 2005-01-08 07:07 68096 ----a-w- c:\windows\system32\HdAShCut.exe
2010-06-20 19:45 . 2004-08-10 11:00 22016 ----a-w- c:\windows\system32\expand.exe
2010-06-20 19:43 . 2004-08-10 09:43 5074944 ----a-w- c:\windows\system32\davinci.scr
2010-06-20 19:39 . 2004-08-10 04:00 28672 ----a-w- c:\windows\system32\cliconfg.exe
2010-06-20 19:38 . 2004-08-10 04:00 57856 ----a-w- c:\windows\system32\migpwd.exe
2010-06-20 19:36 . 2009-06-28 20:59 98304 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-20 19:32 . 2006-05-05 10:44 118784 ----a-w- c:\documents and settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe
2010-06-20 19:29 . 2007-09-08 18:17 65536 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASPA5A.tmp\aspapp\sunsetAsp.exe
2010-06-20 00:26 . 2009-06-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-19 22:03 . 2005-10-31 15:56 712704 ----a-w- C:\StubInstaller.exe
2010-06-19 21:37 . 2004-08-10 04:00 45056 ----a-w- c:\windows\system32\wdfmgr.exe
2010-06-19 21:33 . 2004-08-10 11:00 152576 ----a-w- c:\windows\regedit.exe
2010-06-19 21:33 . 2004-08-10 04:00 50688 ----a-w- c:\windows\system32\alg.exe
2010-06-19 21:33 . 2006-05-05 09:59 139264 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-19 21:33 . 2005-08-03 06:19 65024 ----a-w- c:\windows\arservice.exe
2010-06-19 21:33 . 2004-08-10 04:00 64000 ----a-w- c:\windows\system32\spoolsv.exe
2010-06-19 21:32 . 2004-08-10 04:00 520704 ----a-w- c:\windows\system32\logonui.exe
2010-06-19 21:32 . 2004-08-10 04:00 28160 ----a-w- c:\windows\system32\mpnotify.exe
2010-06-19 21:32 . 2004-08-10 04:00 156160 ----a-w- c:\windows\system32\imapi.exe
2010-06-19 21:32 . 2006-05-05 09:59 1527808 ----a-w- c:\windows\system32\nwiz.exe
2010-06-19 21:32 . 2006-05-05 09:56 16017920 ----a-w- c:\windows\RTHDCPL.EXE
2010-06-19 21:32 . 2005-08-03 06:19 83456 ----a-w- c:\windows\arpwrmsg.exe
2010-06-19 21:32 . 2004-08-10 04:00 30720 ----a-w- c:\windows\system32\userinit.exe
2010-06-19 21:32 . 2004-08-10 04:00 425984 ----a-w- c:\windows\system32\ntvdm.exe
2010-06-19 00:31 . 2007-03-22 23:59 1636 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2010-06-17 20:03 . 2010-06-04 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-06-17 20:02 . 2010-06-17 08:50 1561896 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2010-06-17 20:02 . 2010-06-04 15:13 746216 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-06-17 20:02 . 2010-06-04 15:13 130280 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-06-17 08:17 . 2006-05-05 10:14 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-06-16 07:59 . 2004-08-10 04:00 19968 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2010-06-16 07:59 . 2004-08-10 04:00 221184 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
.

------- Sigcheck -------

[-] 2010-06-26 . 2CDF9A0307F43C7F43EE9CAB08896F16 . 60928 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2010-06-26 . 84764F6CBE19C26EA295968874542734 . 60928 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2010-06-26 . 21A16ABFD3C93B6AA5AA7BFF7B3945C0 . 60928 . . [5.1.2600.2696] . . c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
[-] 2010-06-26 . B94EAC1190CE53942A01384AC689D5DD . 60928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2010-06-19 . 502E569F147F5E49E5E2B4660C8172C7 . 64000 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe

[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2010-06-26 . 68AE373BAC6BB8C22C97D361358B54BD . 27648 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
[-] 2010-06-26 . D96BC40C367DBBE1B758952CD9DFC6EF . 29184 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2010-06-19 . 39EB9CD6AD503CB6325B54F60D91C351 . 30720 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2010-06-26 . 9BDA8DD4C33C620608C4B3B9359C9C1D . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2010-06-26 . 00BA6785CA55DBBDBD5B162FF8F62C99 . 1038336 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
[-] 2010-06-26 . C946A20B1EAD9D561DC1C4466631874C . 1036800 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2010-06-26 . 661B8CD1A72ED760285508EDB5D060CB . 1036288 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2010-06-16 . E672642A91C389A24EDF23703A205926 . 1035264 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2010-06-26 . 621383E2BD2FDA7F88B6E08E4B11EB6E . 18432 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2010-06-26 . 0B238F23796727A62CD27EC418ACF1FD . 18432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2010-06-16 . 01EC54DB16AD4378ED49E927F5CC8940 . 18432 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DISCover"="c:\program files\DISC\DISCover.exe" [2010-06-19 1085440]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2010-06-19 69632]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-06-19 258048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2010-06-19 57344]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2010-06-04 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-06-04 226640]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2010-06-17 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2010-06-17 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2010-06-17 259312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 20:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-28 21:28 50776 ----a-w- c:\progra~1\AMERIC~1.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
2010-06-26 13:10 61440 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\CAAntiSpywareScan_Daily as Compaq_Administrator at 8 20 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 04:10]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233539365-3759977510-1815402281-1008Core.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 08:00]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233539365-3759977510-1815402281-1008UA.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 08:00]

2010-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-02-05 19:13]

2010-07-05 c:\windows\Tasks\User_Feed_Synchronization-{5206AC68-9D6F-4198-A695-035A966C38BE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 05:05]

2010-07-05 c:\windows\Tasks\User_Feed_Synchronization-{DB819CD8-5E3E-41A5-B468-9F266454B1D4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 05:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 00:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3062419294-3471478182-609678563-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(1376)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\windows\arservice.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-05 00:09:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 07:09
ComboFix2.txt 2010-07-02 07:19

Pre-Run: 207,266,803,712 bytes free
Post-Run: 208,215,764,992 bytes free

- - End Of File - - 6D6A8DAC43EDC9D96A5CF7D454911748


#6 m0le

  • Malware Response Team
Posted 05 July 2010 - 02:00 PM

Can you run MBAM next?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#7 sanjuontario

  • Topic Starter


Posted 05 July 2010 - 11:51 PM

I ran MBAM and I encountered problems while downloading updates. I uploaded the update error. Then I manually downloaded mbam-rules.exe to install, but the latest version is 4125, dated 5/21/2010, and the fingerprints loaded is at 237855. I did a Full Scan, left all the drives selected and clicked on the Start Scan button. Here is the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4125

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/5/2010 8:15:33 PM
mbam-log-2010-07-05 (20-15-33).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 306982
Time elapsed: 1 hour(s), 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#8 m0le

  • Malware Response Team

Posted 06 July 2010 - 04:29 PM

Can you run Dr Web?

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


#9 sanjuontario

  • Topic Starter


Posted 07 July 2010 - 05:10 AM

Here are the contents of the log from Dr.Web.

sunsetAsp.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASPA5A.tmp\aspapp;Win32.Virut.56;Cured.;
062B03BE.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\062B03BE.tmp;VBS.Psyme.434;;
062B03BE.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
06E4789B.htm\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06E4789B.htm;VBS.Psyme.434;;
06E4789B.htm;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
111155BF.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\111155BF.tmp;VBS.Psyme.434;;
111155BF.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
13800D53.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13800D53.tmp;VBS.Psyme.434;;
13800D53.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
1615329F.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1615329F.tmp;VBS.Psyme.434;;
1615329F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
16D05B98.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16D05B98.tmp;VBS.Psyme.434;;
16D05B98.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
16D72F91.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16D72F91.tmp;VBS.Psyme.434;;
16D72F91.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
16DA598D.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16DA598D.tmp;VBS.Psyme.434;;
16DA598D.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
2E751314.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E751314.tmp;VBS.Psyme.434;;
2E751314.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
3CC54EDF.htm\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CC54EDF.htm;VBS.Psyme.434;;
3CC54EDF.htm;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
46380ED4.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46380ED4.tmp;VBS.Psyme.434;;
46380ED4.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
4ABB6EF3.dll;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.26498;Deleted.;
4C0F2658.anr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.ANIFile;Deleted.;
5BDE109F.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BDE109F.tmp;VBS.Psyme.434;;
5BDE109F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
5CC76D11.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CC76D11.tmp;VBS.Psyme.434;;
5CC76D11.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
5D3E116F.wmf;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.MS05-053;Deleted.;
5D413B6C.anr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.ANIFile;Deleted.;
5D4E635D.anr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.ANIFile;Deleted.;
5FF57CF0.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FF57CF0.tmp;VBS.Psyme.434;;
5FF57CF0.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
623C660B.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\623C660B.tmp;VBS.Psyme.434;;
623C660B.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
62925887.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62925887.tmp;VBS.Psyme.434;;
62925887.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
62CA224A.htm\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62CA224A.htm;VBS.Psyme.434;;
62CA224A.htm;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
62CD4C46.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62CD4C46.tmp;VBS.Psyme.434;;
62CD4C46.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
62EA4626.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62EA4626.tmp;VBS.Psyme.434;;
62EA4626.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
62F76E17.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62F76E17.tmp;VBS.Psyme.434;;
62F76E17.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
62FB1814.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62FB1814.tmp;VBS.Psyme.434;;
62FB1814.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
63041609.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63041609.tmp;VBS.Psyme.434;;
63041609.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
630B6A02.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\630B6A02.tmp;VBS.Psyme.434;;
630B6A02.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
631B3BF0.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631B3BF0.tmp;VBS.Psyme.434;;
631B3BF0.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
632C0DDE.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632C0DDE.tmp;VBS.Psyme.434;;
632C0DDE.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
633F09C8.tmp\JavaScript.0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633F09C8.tmp;VBS.Psyme.434;;
633F09C8.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;Moved.;
6487376B.wmf;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.MS05-053;Deleted.;
Icon9CCE527D.exe;C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Installer\{9CCE527D-356F-41A8-9718-77A68AC065FB};Win32.Virut.56;Cured.;
cleanup.exe;C:\Documents and Settings\Compaq_Administrator\Application Data\U3\temp;Win32.Virut.56;Cured.;
Launchpad Removal.exe;C:\Documents and Settings\Gabby\Application Data\U3\temp;Win32.Virut.56;Cured.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
ProcessLogger.exe;C:\hp\bin;Win32.Virut.56;Cured.;
TransientMessage.exe;C:\hp\bin;Win32.Virut.56;Cured.;
agrsmdel.exe;C:\hp\drivers\Agere_Soft_Modem;Win32.Virut.56;Cured.;
SWR_Wizard.exe;C:\hp\recovery\wizard;Win32.Virut.56;Cured.;
AcroRd32.exe;C:\Program Files\Adobe\Acrobat 7.0\Reader;Win32.Virut.56;Cured.;
AcroRd32Info.exe;C:\Program Files\Adobe\Acrobat 7.0\Reader;Win32.Virut.56;Cured.;
Acrobat.com.exe;C:\Program Files\Adobe\Acrobat.com;Win32.Virut.56;Cured.;
Adobe Media Player.exe;C:\Program Files\Adobe Media Player;Win32.Virut.56;Cured.;
AFLookup.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
restart.exe;C:\Program Files\America Online 9.0\download\SmitfraudFix;Tool.ShutDown.14;Incurable.Moved.;
photoimpression.exe;C:\Program Files\ArcSoft\PhotoImpression 5;Win32.Virut.56;Cured.;
InsHlp2k64.exe;C:\Program Files\Common Files\AOL\ACS;Win32.Virut.56;Cured.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Moved.;
dvpapi.exe;C:\Program Files\Common Files\Command Software;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32;Win32.Virut.56;Cured.;
ISUSPM.exe;C:\Program Files\Common Files\InstallShield\UpdateService;Win32.Virut.56;Cured.;
WRDART32.EXE;C:\Program Files\Common Files\Microsoft Shared\WordArt;Win32.Virut.56;Cured.;
DynexWCUI.exe;C:\Program Files\Dynex Enhanced G Desktop Card Adapter;Win32.Virut.56;Cured.;
HpqUnSet.exe;C:\Program Files\HP\Digital Imaging\Unload;Win32.Virut.56;Cured.;
DVDPlay.exe;C:\Program Files\HP\DVDPlay;Win32.Virut.56;Cured.;
hpzrcv01.exe;C:\Program Files\HP\Temp\{6A545A82-ADDA-48eb-B6D9-EB1325F1813A}\setup;Win32.Virut.56;Cured.;
Blackhawk2.exe;C:\Program Files\HP Games\Blackhawk Striker 2;Win32.Virut.56;Cured.;
rhapsody.exe;C:\Program Files\HP Rhapsody;Win32.Virut.56;Cured.;
javaws.exe;C:\Program Files\Java\jre1.6.0_01\bin;Win32.Virut.56;Cured.;
javaws.exe;C:\Program Files\Java\jre1.6.0_02\bin;Win32.Virut.56;Cured.;
java.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Virut.56;Cured.;
javacpl.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Virut.56;Cured.;
java.exe;C:\Program Files\Java\jre1.6.0_07\bin;Win32.Virut.56;Cured.;
javacpl.exe;C:\Program Files\Java\jre1.6.0_07\bin;Win32.Virut.56;Cured.;
msmoney.exe;C:\Program Files\Microsoft Money 2006\MNYCoreFiles;Win32.Virut.56;Cured.;
salv.exe;C:\Program Files\Microsoft Money 2006\MNYCoreFiles;Win32.Virut.56;Cured.;
wksdb.exe;C:\Program Files\Microsoft Works;Win32.Virut.56;Cured.;
msninst.exe;C:\Program Files\MSN\MsnInstaller;Win32.Virut.56;Cured.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
MySpaceIM.exe;C:\Program Files\MySpace\IM;Win32.Virut.56;Cured.;
FlashAX.exe;C:\Program Files\Online Services\Aol\Canada\comps\flash;Win32.Virut.56;Cured.;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
LaunchMsn.exe;C:\Program Files\Online Services\MSN90;Win32.Virut.56;Cured.;
HPPeoplePC.exe;C:\Program Files\Online Services\PeoplePC;Win32.Virut.56;Cured.;
Setup.exe;C:\Program Files\Online Services\PeoplePC;Win32.Virut.56;Cured.;
ie6setup.exe;C:\Program Files\Online Services\PeoplePC\IE\EN;Win32.Virut.56;Cured.;
IEDownload.exe;C:\Program Files\Online Services\PeoplePC\ISP5900\Dll;Win32.Virut.56;Cured.;
AtlBrowser.exe;C:\Program Files\Online Services\PeoplePC\ISP5900\Utilities;Win32.Virut.56;Cured.;
wab.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
PcdSmartMonitor.exe;C:\Program Files\PC-Doctor 5 for Windows;Win32.Virut.56;Cured.;
StandaloneMsgWindow.exe;C:\Program Files\PlayLinc;Win32.Virut.56;Cured.;
PokerStarsUninstall.exe;C:\Program Files\PokerStars;Win32.Virut.56;Cured.;
MyDVDReg.exe;C:\Program Files\Sonic\MyDVD;Win32.Virut.56;Cured.;
McciBrowser.exe;C:\Program Files\Verizon;Win32.Virut.56;Cured.;
UNWISE.EXE;C:\Program Files\Verizon;Win32.Virut.56;Cured.;
hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.;
Dancer.exe;C:\Program Files\Windows Plus\Dancer;Win32.Virut.56;Cured.;
PartyMode.exe;C:\Program Files\Windows Plus\Party Mode;Win32.Virut.56;Cured.;
Compaq_Administrator.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator;Trojan.DownLoad.40611;Deleted.;
ALCMTR.EXE.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.Virut.56;Cured.;
2497.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Click.63227;Deleted.;
9575.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Click.63227;Deleted.;
A0001395.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002432.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002445.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002453.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002456.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002459.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002494.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0002495.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(2);Win32.Virut.56;Cured.;
A0003052.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(6);Win32.Virut.56;Cured.;
A0003219.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\Fifoed(6);Win32.Virut.56;Cured.;
A0010856.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017460.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Tool.ProcessKill;Incurable.Moved.;
A0017480.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017520.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017525.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017536.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017541.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017572.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017588.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017640.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017641.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017657.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017689.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017690.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Trojan.Click.2093;Deleted.;
A0017697.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017706.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0017706.EXE;Adware.Gdown;;
A0017706.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Archive contains infected objects;Moved.;
A0017709.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017726.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017765.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017780.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017790.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017846.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017882.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017891.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017924.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017932.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017942.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017943.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017948.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017949.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017951.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0017996.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018004.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018030.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018043.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018078.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018081.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018094.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018096.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018107.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018182.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018230.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018260.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018306.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018310.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018433.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018444.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018468.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018472.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018477.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018490.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018513.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018530.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018538.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018542.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0018546.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20;Win32.Virut.56;Cured.;
A0030170.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28;Win32.Virut.56;Cured.;
A0031152.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28;Win32.Virut.56;Cured.;
A0031155.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28;Win32.Virut.56;Cured.;
A0031157.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28;Win32.Virut.56;Cured.;
A0031158.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28;Win32.Virut.56;Cured.;
A0031160.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28;Win32.Virut.56;Cured.;
A0062368.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0062369.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0062377.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0062378.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0062379.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0062381.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0064298.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.DownLoad.40611;Deleted.;
A0064300.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0066411.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0066412.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0066414.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071320.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071322.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071329.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071330.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071340.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071351.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071382.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.Click.63227;Deleted.;
A0071383.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.Click.63227;Deleted.;
A0071403.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071407.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071410.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071411.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071441.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071459.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071501.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071504.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071536.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071547.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071559.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071562.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071574.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071601.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071602.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071623.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071630.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071637.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071650.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071652.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071656.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071659.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071663.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071666.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071706.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071737.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071774.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071784.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071790.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071800.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071806.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071810.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071812.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071815.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071817.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071818.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071824.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071830.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071856.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071885.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071890.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0071902.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0073331.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.DownLoad.40611;Deleted.;
A0073336.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0073338.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0073341.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076310.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076311.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.MulDrop1.36189;Deleted.;
A0076312.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.MulDrop1.36189;Deleted.;
A0076316.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076318.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076319.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076322.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076327.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076329.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076330.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076357.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076361.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076364.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076366.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076371.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076380.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076387.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076440.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Trojan.DownLoad.40611;Deleted.;
A0076441.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076443.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076453.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076744.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076745.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076762.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076790.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076791.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076795.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076796.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076797.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076799.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076875.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076898.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076940.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0076955.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077000.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077014.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077055.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077080.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077081.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077105.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077158.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077212.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077213.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077214.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077220.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077221.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077226.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077241.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077279.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077286.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077347.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077398.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077412.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077432.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077459.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077478.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077617.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077682.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077792.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077793.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077808.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077971.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0077972.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078081.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078090.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078091.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078140.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078151.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078152.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078154.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078155.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078158.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078159.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078163.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078167.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078170.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078171.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078190.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078207.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078236.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078282.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078304.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078305.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078308.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078360.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078368.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078375.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078383.scr;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078389.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078396.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078398.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078418.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078433.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078446.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078447.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078448.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078461.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078469.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078470.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078477.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078480.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078495.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078497.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078498.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078499.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078501.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078506.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078508.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078515.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078518.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078523.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078526.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078527.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078546.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078555.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0078556.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0079155.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0079157.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0079171.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0080161.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0080163.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0080164.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0080166.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP31;Win32.Virut.56;Cured.;
A0084179.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Tool.ProcessKill;Incurable.Moved.;
A0084200.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084203.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084206.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084250.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084251.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084265.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084269.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Tool.ShutDown.14;Incurable.Moved.;
A0084304.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084330.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084365.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Trojan.Click.2093;Deleted.;
A0084379.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084383.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33\A0084383.EXE;Adware.Gdown;;
A0084383.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Archive contains infected objects;Moved.;
A0084396.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084400.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084403.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084416.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084440.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084444.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084483.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084500.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084514.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084515.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084565.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084566.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084584.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084591.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084672.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084679.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084696.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084697.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084710.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084718.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084729.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084730.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084731.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084736.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084741.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084758.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084764.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084768.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084822.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084831.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084866.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084883.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084897.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084898.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084945.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;
A0084993.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP33;Win32.Virut.56;Cured.;


#10 m0le

  • Malware Response Team

Posted 07 July 2010 - 03:05 PM

Dr Web has found a large number of infected files, and they stem from a nasty and, as yet, not provably cleanable source.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558
QUOTE(AVG Technologies)
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
QUOTE(Network Associates)
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

I will answer any questions about this but I recommend you cut your losses.
m0le is a proud member of UNITE
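
The file layout described in the Network Associates quote in post #10 can be triaged from PE headers alone. The following is an added example, not part of the original thread or any vendor's tool: it flags files whose entry point falls in the last section, or whose last section is both writable and executable (a heuristic assumed here, since code appended to the last section has to execute and decrypt itself in place). The function names and the two constructed header-only samples are hypothetical.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def pe_layout(data):
    """Return (entry_point_rva, [(name, rva, vsize, flags), ...]) from PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt = pe_off + 24                                         # optional header start
    entry, = struct.unpack_from("<I", data, opt + 16)         # AddressOfEntryPoint
    sections = []
    for off in range(opt + opt_size, opt + opt_size + 40 * nsec, 40):
        name, vsize, rva = struct.unpack_from("<8sII", data, off)
        flags, = struct.unpack_from("<I", data, off + 36)     # Characteristics
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize, flags))
    return entry, sections

def appender_indicators(data):
    """Header-only indicators of code appended to the last section."""
    entry, sections = pe_layout(data)
    if not sections:
        return []
    name, rva, vsize, flags = max(sections, key=lambda s: s[1])  # highest RVA
    hits = []
    if rva <= entry < rva + vsize:
        hits.append(f"entry point 0x{entry:x} is in last section {name}")
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        hits.append(f"last section {name} is writable and executable")
    return hits

def build_sample(entry, sections):
    """Constructed header-only image for the demo; not a runnable executable."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry) + bytes(224 - 20)
    table = b"".join(struct.pack("<8sII20xI", n, vs, rva, fl) for n, rva, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed samples: same code section, different last section and entry point.
TEXT = (b".text", 0x1000, 0x2000, 0x60000020)                 # code, read+execute
CLEAN = build_sample(0x1000, [TEXT, (b".rsrc", 0x3000, 0x1000, 0x40000040)])
SUSPECT = build_sample(0x3800, [TEXT, (b".rsrc", 0x3000, 0x1000, 0xE0000040)])

if __name__ == "__main__":
    print("clean:", appender_indicators(CLEAN), "suspect:", appender_indicators(SUSPECT))
```

An empty result does not clear a file: the other two decryptor placements in the quote leave the entry point inside the code section, and legitimate packers can trip both checks.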

#11 sanjuontario


Posted 07 July 2010 - 07:17 PM

Well at least I know what I have. Thanks for the help. But how do you format/reinstall the operating system on my computer?

#12 m0le


Posted 07 July 2010 - 07:30 PM

Yeah, sorry about having to give you the bad news.

Reformatting and reinstalling guides are all over the net; they differ so much from machine to machine, but this is the one I recommend for XP.

#13 sanjuontario


Posted 07 July 2010 - 10:18 PM

It's okay, I really appreciate your help, and at least I have a last resort with this Virut. If there is any consolation prize, it is that I am more knowledgeable about how to protect my computer against viruses and infections.

#14 m0le


Posted 12 July 2010 - 07:04 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



