
Nod 32 Antivirus 4 keeps detecting svchost.exe and many other programs


  • This topic is locked
16 replies to this topic

#1 triet96


Posted 06 July 2014 - 07:28 AM

Hi!

* I followed the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and ended up here. I didn't see the "Topic Description" as described in the guide so I couldn't help but leave it out.

 

 

* This is my issue:

I have a netbook running Win 7 Starter. I just re-installed it for fear that it had already been affected. This is not the first time I have done such re-installment of Windows due to virus problems. As such, I notice that whenever I have NOD 32 Antivirus 4 installed, it constantly pops up warnings about "svchost" and puts it in quarantine. Once, right after I had installed it on a just-re-installed PC, it kept on warning about the "svchost" files and went on deleting/quarantining them. I do not know what "svchost" files are but I kinda have a notion that they are important because my reboot failed right after that.

The same thing seems to be happening again now. This one thing I think is important: When the "svchost" file is put in quarantine for "Win32/Neshta.A virus", I cannot start almost any programs and instead get a message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." If I go on to restore it from Nod then at the next start of any application, the same thing happens. So right now, in order to use a web browser and post a help request, I have my Nod "real-time file system protection" and "antivirus and antispyware protection" disabled. Also, when I access my D drive, which is where I store my programs/data..., Nod 32 constantly pops up about files like "uTorrent.exe", "vcredist_x86.exe", "ChromeSetup.exe" ... so almost anything *.exe is affected. (I got all those installers from their respective owners/official websites.)

 

--------------------------------------DDS REPORT--------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514
Run by TMT at 17:32:43 on 2014-07-06
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2047.965 [GMT 7:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\ESET\ESETNO~1\egui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\INTERN~2\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\WI54FB~1\wmplayer.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:\program files\idm\quickfind\plugins\IEHelp.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [UniKey] d:\portable\unikey~1\UniKeyNT.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\progra~1\quickt~1\QTTask.exe" -atboottime
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{1C83FD6D-7A5C-4BCC-AE82-93107299CC54} : DHCPNameServer = 192.168.100.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-11-28 108000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
.
=============== File Associations ===============
.
FileExt: .exe: exefile=c:\windows\svchost.com "%1" %*
.
=============== Created Last 30 ================
.
2014-07-06 15:15:33 -------- d-----w- c:\windows\Panther
2014-07-06 15:15:16 -------- d-sh--w- C:\Boot
2014-07-06 09:53:24 -------- d-----w- c:\users\tmt\appdata\local\ESET
2014-07-06 09:50:15 -------- d-----w- c:\program files\UltraISO
2014-07-06 09:50:15 -------- d-----w- c:\program files\common files\EZB Systems
2014-07-06 06:54:40 -------- d-----w- c:\users\tmt\appdata\roaming\uTorrent
2014-07-06 06:51:12 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-07-06 06:51:12 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-07-06 06:51:11 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-07-06 06:50:13 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-06 06:50:13 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-06 06:50:12 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-06 06:50:12 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-06 06:50:09 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-06 06:50:08 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-06 06:50:08 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-06 06:49:56 -------- d-----r- c:\program files\Skype
2014-07-06 06:46:26 -------- d-----w- c:\users\tmt\appdata\local\oald8
2014-07-06 06:46:20 -------- d-----w- c:\users\tmt\appdata\roaming\oald8
2014-07-06 06:46:19 47 ----a-w- c:\windows\directx.sys
2014-07-06 06:45:50 -------- d-----w- c:\program files\HP
2014-07-06 06:45:41 293888 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HP1006S.DLL
2014-07-06 06:45:08 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2014-07-06 06:45:08 286720 ----a-w- c:\windows\system32\HP1006LM.DLL
2014-07-06 06:44:58 -------- d-----w- c:\program files\IDM
2014-07-06 06:44:56 41472 ----a-w- c:\windows\svchost.com.vir
2014-07-06 06:44:56 41472 ----a-w- c:\windows\svchost.com
2014-07-06 06:44:40 -------- d--h--w- c:\program files\Avago-HP
2014-07-06 06:43:22 -------- d-----w- c:\program files\Oxford
2014-07-06 06:42:17 -------- d-----w- C:\hp_P1000_P1500_Full_Solution
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-07-06 06:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-07-06 06:41:09 -------- d-----w- c:\program files\FreeTime
2014-07-06 06:38:22 -------- d-----w- c:\users\tmt\appdata\local\Apple
2014-07-06 06:35:02 -------- d-----w- c:\users\tmt\appdata\roaming\Foxit Software
2014-07-06 06:34:54 -------- d-----w- c:\program files\Foxit Software
2014-07-06 06:33:04 -------- d-----w- c:\program files\ESET
2014-07-06 06:32:04 -------- d-----w- c:\users\tmt\appdata\roaming\IDM
2014-07-06 06:32:04 -------- d-----w- c:\programdata\IDM
2014-07-06 06:32:02 -------- d-----w- c:\users\tmt\appdata\roaming\DMCache
2014-07-06 06:31:35 -------- d-----w- c:\program files\Internet Download Manager
2014-07-06 06:27:17 -------- d-----w- c:\users\tmt\appdata\local\Google
2014-07-06 06:20:57 -------- d-----w- c:\program files\Yahoo!
2014-07-06 06:20:10 -------- d-sh--w- c:\windows\Installer
2014-07-06 05:44:05 -------- d-----w- c:\windows\system32\MRT
2014-07-06 05:38:08 839680 ----a-w- c:\windows\system32\lameACM.acm
2014-07-06 05:38:08 39936 ----a-w- c:\windows\system32\huffyuv.dll
2014-07-06 05:38:07 650752 ----a-w- c:\windows\system32\xvidcore.dll
2014-07-06 05:38:07 3649536 ----a-w- c:\windows\system32\x264vfw.dll
2014-07-06 05:38:07 216064 ----a-w- c:\windows\system32\lagarith.dll
2014-07-06 05:38:06 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2014-07-06 05:38:06 122880 ----a-w- c:\windows\system32\ac3acm.acm
2014-07-06 05:38:05 218200 ----a-w- c:\windows\system32\unrar.dll
2014-07-06 05:38:02 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-07-06 05:37:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-07-06 05:33:55 -------- d-----w- c:\users\tmt\appdata\local\Programs
2014-07-06 05:18:37 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-07-06 05:18:20 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ee0113d-4be5-4bca-910b-021d5756aaea}\mpengine.dll
2014-07-06 05:17:29 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-06 04:59:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-07-06 04:59:00 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-07-06 04:58:52 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-06 04:58:52 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-06 04:46:17 -------- d-sh--w- C:\Recovery
.
==================== Find3M  ====================
.
.
============= FINISH: 17:33:48.16 ===============
 

----------------------------------------------------------------------------------------------------------------------------------------------------------

PS: THANKS IN ADVANCE

PSS: I see that your "average response time" is 5 days and that you have lots of requests for help so I guess I should tell you this. I am now busy with some "undone business" and do not have to make essential use of this computer until 14th of July. This means that I still use this computer, however, only for music/dictionary. Therefore, if it is any help to you, I will be happy to receive the first response on 14th or 15th of July (or later if needed...) (though I make sure to check this post regularly in case you decide to stick with the "first come first serve" slogan :D).

 

 

 

 


 


#2 xXToffeeXx


Posted 06 July 2014 - 08:35 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi triet96,

 

If you saw the unedited post, then ignore it as I located some information which makes it slightly different.
 
Virus:Win32/Neshta is a file infector which targets and infects .exe files. Virus:Win32/Neshta copies itself in the Windows folder as svchost.com. It modifies the system registry so that it is run every time an EXE file is opened. It also connects to a remote server and sends information like currently installed applications, running programs, and email accounts on the infected computer.
 
Neshta is commonly spread via a flash drive (usb, pen, thumb, jump) where it can infect executable files on local, removable and remote shared drives. The infection is often contracted by visiting remotecrack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.
 

I will help you backup and reformat if you wish to do so. I can also attempt to clean the computer, but I would not do so without a backup of all files you would not want to lose. The fact is that the system could become unbootable or could be reinfected very easily by cleaning depending on how badly the system is infected. There are no guarantees with cleaning the computer, but I am willing to take the challenge. Let me know what you choose to do.

 

xXToffeeXx~


Edited by xXToffeeXx, 06 July 2014 - 09:01 AM.
Changed post a bit

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
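
The registry change described in the reply above shows up in the logs posted in this thread as a hijacked `exefile` open command. The following is an added example, not part of the original thread and not code from DDS or Rkill: it flags that change in DDS and Rkill output. The function names, the set of ProgIDs checked and the one clean `batfile` line are assumptions made for the illustration; the other two sample lines are copied from the logs on this page.

```python
import re
from typing import List, NamedTuple, Optional

# Default "open" command for directly executable ProgIDs. This is the value
# the Rkill log on this page reports resetting exefile to.
DEFAULT_OPEN_COMMAND = '"%1" %*'
# ProgIDs checked here (an assumption for this example).
EXECUTABLE_PROGIDS = {"exefile", "comfile", "batfile", "cmdfile"}

# DDS "File Associations" line:  FileExt: .exe: exefile=<command>
DDS_ASSOC = re.compile(r'^FileExt:\s*(\.\w+):\s*(\w+)=(.+)$', re.IGNORECASE)
# Rkill line reporting that a shell\open\command default value was modified.
RKILL_RESET = re.compile(
    r'^\*\s*(HK\w+\\Software\\Classes\\(\w+)\\shell\\open\\command)\s+"@" was changed',
    re.IGNORECASE,
)


class Finding(NamedTuple):
    source: str                # which tool's log the line came from
    progid: str                # e.g. "exefile"
    detail: str                # human-readable description
    interposer: Optional[str]  # program inserted in front of "%1", if known


def interposed_handler(command: str) -> Optional[str]:
    """Return the program placed in front of "%1", or None for the default."""
    normalized = " ".join(command.split())
    if normalized == DEFAULT_OPEN_COMMAND:
        return None
    # Everything before the "%1" placeholder is the interposed handler.
    head = normalized.split('"%1"', 1)[0] if '"%1"' in normalized else normalized
    head = head.strip().strip('"').strip()
    # If nothing precedes "%1", report the whole non-default command instead.
    return head or normalized


def scan_log(text: str) -> List[Finding]:
    """Flag executable file associations that do not use the default command."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_ASSOC.match(line)
        if m:
            ext, progid, command = m.group(1), m.group(2).lower(), m.group(3)
            handler = interposed_handler(command)
            if progid in EXECUTABLE_PROGIDS and handler is not None:
                findings.append(
                    Finding("DDS", progid, f"{ext} files open via {handler}", handler)
                )
            continue
        m = RKILL_RESET.match(line)
        if m and m.group(2).lower() in EXECUTABLE_PROGIDS:
            findings.append(
                Finding("Rkill", m.group(2).lower(),
                        f"{m.group(1)} had been modified", None)
            )
    return findings


# First two lines are copied from the logs in this thread; the batfile line
# is constructed to show a clean association.
SAMPLE_LOG = r'''
FileExt: .exe: exefile=c:\windows\svchost.com "%1" %*
  * HKLM\Software\Classes\exefile\shell\open\command "@" was changed. It was reset to "%1" %*!
FileExt: .bat: batfile="%1" %*
'''

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.source}] {f.progid}: {f.detail}")
```

A finding from the DDS line means every `.exe` launch is routed through the named file first, which matches the poster's report that programs stop starting once that file is quarantined while the association still points at it.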


#3 triet96


Posted 06 July 2014 - 10:51 AM

Hi xXToffeeXx!

I am so happy to receive your help this fast! This is incredible!

 

First, I would like to update the situation from the last post.

Right now, Eset Nod 32 doesn't load on startup anymore. Every program, including Explorer, needs to be run as administrator or I will get the message "C:\Program Files\Internet Explorer\ieplore.exe is not a valid Win32 application." - in the case of Internet Explorer.

 

I do not store any data on drive C, but there are tons of personal files on drive D that add up to more than 30 Gb. If re-installing means formatting the whole drive C only then it's no problem.

 

I would like it very much if you could show me the proper way to re-install everything so that it is not likely to get re-infected. 

 

Thanks

triet96



#4 xXToffeeXx


Posted 06 July 2014 - 01:10 PM

Hi triet96,
 
Okay, good to know. Since the C drive is pretty much empty then it would be a good idea to see whether your D drive is infected and what exactly is infected on there and then we can figure out how best to reinstall without reintroducing the malware back into the system.
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
 
Rkill.com: http://download.bleepingcomputer.com/grinler/rkill.com

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.
 
--------------
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Exit the program without taking any action.
  • Copy and paste the contents of MBAM.txt in your reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Rkill.txt
  • MBAM.txt

xXToffeeXx~




#5 triet96


Posted 06 July 2014 - 08:33 PM

Hi xXToffeeXx

I downloaded Rkill and tried to open it. Although I couldn't find the "Run as administrator" command from the context menu like usual, double clicking on the file worked! It popped up an "Open file - security warning" box and I chose "Run".

--------------------------------------Rkill--------------------------------------

Rkill 2.6.7 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/07/2014 07:49:40 AM in x86 mode.
Windows Version: Windows 7 Starter Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command "@" was changed. It was reset to "%1" %*!
 
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * SensrSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1    www.idmsilent.net
  127.0.0.1    star.idmsilent.net
  127.0.0.1    www.tonec.com
  127.0.0.1    www.registeridm.com
  127.0.0.1    secure.registeridm.com
  127.0.0.1    www.internetdownloadmanager.com
  127.0.0.1    secure.internetdownloadmanager.com
  127.0.0.1    mirror.internetdownloadmanager.com
  127.0.0.1    mirror2.internetdownloadmanager.com
  127.0.0.1    mirror3.internetdownloadmanager.com
 
Program finished at: 07/07/2014 07:51:06 AM
Execution time: 0 hours(s), 1 minute(s), and 26 seconds(s)
 

 --------------------------------------MBAM--------------------------------------

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/7/2014
Scan Time: 8:00:18 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.06.08
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: TMT
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 269542
Time Elapsed: 20 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Virus.Neshta, C:\Windows\svchost.com, , [df71cfcd354694a2dc14e35b14ef47b9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 



#6 xXToffeeXx


Posted 07 July 2014 - 10:50 AM

Hi triet96,

 

Yes, I made sure to choose the version which is not an exe file, so cannot be affected by Neshta.

 

Running Malwarebytes on your D:\ drive:

  • Double click the Malwarebytes icon on your desktop and the program will launch.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the Scan tab.
  • Select Custom Scan, and click the 'Scan Now >>' button.
  • Select your D: drive and then click the Start Scan button.
  • When  the scan has completed, click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Exit the program without taking any action.
  • Copy and paste the contents of MBAM.txt in your reply

xXToffeeXx~




#7 triet96


Posted 07 July 2014 - 03:24 PM

Hi xXToffeeXx,

 

I noticed that on the left handle of the scan window, the "rootkit" box was left unchecked. I decided not to tick it cause you didn't say anything about that.

 

Here is the scan log of my D drive

--------------------------------------MBAM--------------------------------------

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/8/2014
Scan Time: 2:08:10 AM
Logfile: MBAM_D.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.07.08
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: TMT
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 293768
Time Elapsed: 1 hr, 8 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 380
Virus.Neshta, D:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\arh.exe, , [8f25bfdde497a492d1347316bf42c739], 
Virus.Neshta, D:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\LogTransport2.exe, , [54605448bbc039fdb352a3e67e83748c], 
Virus.Neshta, D:\Portable\JDownloader\tools\Windows\unrarw32\unrar.exe, , [9321465606756acc996ca0e948b9ea16], 
Virus.Neshta, D:\Portable\Longman\Longman Pronunciation Dictionary\xpcshell.exe, , [63511a820b7089ad1fe617727c8526da], 
Virus.Neshta, D:\Portable\PhotoshopPortable\App\PhotoshopCS6\LogTransport2.exe, , [8c28a6f65724b383a85dc9c09b6651af], 
RiskWare.Tool.CK, D:\rar and split\[thuthuat-vnzet.com]Driver_easy_4.5.4_Full_Keygen.rar, , [bff589132457e155cd0708a921e31ae6], 
Dont.Steal.Our.Software, D:\rar and split\[vn-hello.com]_Malwarebytes.Anti-Malware.v1.70.0.1100.Incl.keygen.rar, , [6f450f8d611a082e271fe657d034f60a], 
RiskWare.Tool.CK, D:\rar and split\WebcamMax v7.7.1.6 Final [vnbacklink].rar, , [6f45b4e8324937ffc1f18f617c8504fc], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004786.dll, , [4272d7c52259a98d4767f38a3ec2ee12], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004787.dll, , [10a4138982f9c96d7737e29b04fca35d], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004788.dll, , [3d77405c4f2cdc5a5856de9f7c84d22e], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004789.dll, , [c4f02775e893171f0ea0d3aa11ef956b], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004790.dll, , [caeac9d3aecd2412f3bbceaf02fe7888], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004791.DLL, , [684c1686ee8dec4a4866592421df15eb], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004795.dll, , [bef607959cdf50e6a60a2b528e72ae52], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004796.dll, , [d4e02a720d6e999df3bdb3ca16ea6997], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004797.dll, , [9d179903cab11e18d8d63d406e92c040], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004800.dll, , [bff5cece63181d19535b6716dd23c43c], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004801.dll, , [cee6b7e5b2c943f3515d601de020a060], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004802.dll, , [e2d2afeda4d71c1a7a340a73916f09f7], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004803.dll, , [674d9903d7a4ef47fab480fddc243ec2], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004804.dll, , [07ad2c70007b85b1406ee19c5ea2758b], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004805.dll, , [486c8f0dcab139fdd5d9304d19e77c84], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004806.dll, , [0ba9613b6516b1858f1fd6a7b9473bc5], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004807.dll, , [eaca316b58235fd703ab0f6e4bb5bf41], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004808.dll, , [d6defaa2e09b7fb7ffaff489f01055ab], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004809.dll, , [b7fd415b7605ff37634bc9b4c83833cd], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004810.dll, , [229226764c2f64d216997a03d42c4db3], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004811.dll, , [c4f0821ac8b3c373b1feff7e22de29d7], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004813.dll, , [3d778e0ec8b3ef47228d6c1114ecee12], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004814.dll, , [1f9534683b408da9921d48359b6518e8], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004815.dll, , [dcd8623aa5d6ef47ffb0720b966a867a], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004816.dll, , [bbf9c8d4cfac72c47738c7b617e925db], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004817.dll, , [496b0795c6b5d95dfdb298e534ccec14], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004818.dll, , [1a9a3a62fe7de4524b644d30e51be41c], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004819.dll, , [d1e3ecb00e6d0432f0bf106d4bb537c9], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004820.dll, , [0ea6c5d72853db5b5c52cbb240c0a65a], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004821.dll, , [684cd7c50c6fc274efbfa9d419e730d0], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004822.dll, , [4d672775daa1f73f4866ceaf1fe150b0], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004823.dll, , [664e6e2e1e5df73f5f4f6d107f81c739], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004824.dll, , [298b3369d4a7f244149af38ae9171be5], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004825.dll, , [3480603c35463df9ebc32c516c94d729], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004826.dll, , [7242b5e7b8c3e94d436b7706ee12c040], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004827.dll, , [9321910b0972979fc7e797e6768aa25e], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004828.dll, , [2d87eeae502b2d09ae00acd1e11f9d63], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004829.dll, , [4074247879028babdcd26e0ffd034db3], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004831.dll, , [803453498fec1b1bcde1b9c442beb848], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004832.dll, , [dadabbe183f88caa436b235a946c7b85], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004833.dll, , [961e46565823ab8b5658433a57a9a25e], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004834.dll, , [09abe4b885f68ea8b0fe790412ee8080], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004835.dll, , [81331389f883b87edbd338456e9256aa], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004836.dll, , [82326a323a41ed490ba3ee8f3dc3be42], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004837.dll, , [eaca2e6eadce3ff7545a09740cf449b7], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004838.dll, , [3e76e2ba3b4010266e4081fc7090bf41], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004839.dll, , [a80ce5b7a4d7cb6ba20c027bf709c23e], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004840.dll, , [6054c5d7007be5517d31dda0738d2bd5], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004841.dll, , [4e666537b3c8f541921c0c71d42c5ea2], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004842.dll, , [bcf838642a51d462c5e9acd16e9255ab], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004843.dll, , [674d3a6216653402c3ebb6c756aa1ee2], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004844.dll, , [2391009ca6d547ef1a94add0da266898], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004845.dll, , [7a3a7b21bbc01422b3fb65185da33cc4], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004846.dll, , [a1136636215a1b1bd0de0f6e0df39070], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004847.dll, , [258fa1fba2d9bd794b63027b2bd5926e], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004849.dll, , [fdb70795ff7cff37208eb6c7a8588b75], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004850.dll, , [199b36662457b383d9d5324b738dd62a], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004851.dll, , [357fbbe127540d29b3fb82fbd828c838], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004852.dll, , [a2120d8f92e97bbb0da1cdb06e92ae52], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004853.dll, , [d6de8e0ed3a80a2c426c89f487796d93], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004854.dll, , [92226438b3c84bebb1fd1667a55ba45c], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004855.dll, , [9e165349b2c9270f97172c514eb22dd3], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004856.dll, , [c6eeb0ec4e2d7fb7feb0ff7e4ab65ca4], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004857.dll, , [5c58e9b34b30d85e5d51ea9348b8ec14], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004858.dll, , [ded67f1d24571e18446a5a2327d9b44c], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004859.dll, , [367e9a02c1baad89862879048779926e], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004860.dll, , [3282702c0b70e650258955283ac66c94], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004861.dll, , [1d976537ed8e2e08832b7c01c43c19e7], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004862.dll, , [565e5e3e2358ab8b822cd6a719e7ce32], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004863.dll, , [e3d10795fd7e48ee6e406a130000d828], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004864.dll, , [1d97dfbd0b7040f6bef0205de31d58a8], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004865.dll, , [8b290f8d0a71c472604e512c31cf946c], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004867.dll, , [288c5f3dd2a9ec4a0ba3d6a76e9216ea], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004868.dll, , [179da7f593e840f65559d7a6fe02b050], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004869.dll, , [fdb7514bfd7ec472efbf245913ede11f], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004870.dll, , [8a2a6a32374476c0129c215c99675ba5], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004871.dll, , [496b9b01cfacb97d9618c5b8b749d62a], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004872.dll, , [4b6967356e0d39fdbef00f6ede2216ea], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004873.dll, , [9b19a0fce3983afc1599c4b947b90000], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004874.dll, , [e7cda0fc84f724121e908bf24bb50ff1], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004875.dll, , [2d873864700b2214901e106d2bd59d63], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004876.dll, , [07ad524a205b1a1c3a748df0a25eba46], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004877.dll, , [5f554c50552677bf377781fc926e46ba], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004878.dll, , [0ea69507f18a7bbb406e9ce1649cf40c], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004879.dll, , [773dadefa6d524120ba3aecf817f1de3], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004880.dll, , [6252069693e857dfad01106d6a9651af], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004881.dll, , [a212118be29964d26945ea9347b96b95], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004882.dll, , [05afa2fa522975c1c0eeabd235cb2ad6], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004883.dll, , [d5dfc6d6adcecc6a9c12abd2b94718e8], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004884.dll, , [3d773963463537ffe8c66419659b7090], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004885.dll, , [7a3aa3f9c5b68fa702ac93ea02fe5ca4], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004886.dll, , [11a3326a90eb70c68529fc819967cf31], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004887.dll, , [8034b5e7710a3cfaf5b9cbb20ff1fa06], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004888.dll, , [516395073a4156e07e30dba2d9271de3], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004889.dll, , [f0c41983bebd3ff7a9056c1135cb3fc1], 
Virus.Ramnit, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0004890.dll, , [9c18a8f4532806303778cfae2bd5e818], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP14\A0005399.exe, , [377d26761d5eee48ea1bbacf15ecb14f], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006374.exe, , [f8bc5349c4b70234ef168ffa05fc24dc], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006376.exe, , [03b1d8c47209b97d0bfaaadfcc35de22], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006378.exe, , [7440dfbd52291125dc29d2b7d9284eb2], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006380.exe, , [73411983275466d0768ff0999170f907], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006384.exe, , [a014c0dc0f6cec4a9075addc818009f7], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006385.EXE, , [ecc81e7e96e5360014f1e4a5cf326d93], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP19\A0006386.EXE, , [4470cad2ccaf9b9b53b2365337ca35cb], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP20\A0006416.exe, , [2292881485f62016fe075f2ab051d828], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP66\A0011527.EXE, , [4074bfdd7209201648bd8cfd9170ed13], 
Virus.Neshta, D:\System Volume Information\_restore{292E8EE4-315E-45AD-9D7D-F82AE111A554}\RP66\A0011529.EXE, , [10a4c4d8d3a8d56148bd45446e93ec14], 
PUP.Optional.OpenCandy.A, D:\System Volume Information\_restore{4444EFC9-E159-4E35-8985-547465FF7C02}\RP8\A0000271.exe, , [a014cad25328c6703a46ca78d92732ce], 
PUP.Optional.OpenCandy.A, D:\System Volume Information\_restore{B5453B3E-FC1F-403F-A611-E905C897040F}\RP45\A0125548.EXE, , [e0d4d6c6f289ee4837490a3845bb8c74], 
Virus.Neshta, D:\System Volume Information\_restore{B5453B3E-FC1F-403F-A611-E905C897040F}\RP45\A0125555.EXE, , [71435547512aa78f11f41a6f49b8db25], 
Virus.Neshta, D:\System Volume Information\_restore{B5453B3E-FC1F-403F-A611-E905C897040F}\RP45\A0125556.EXE, , [e8ccbddfc1ba23137293098043be639d], 
PUP.Optional.Somoto.A, D:\System Volume Information\_restore{B5453B3E-FC1F-403F-A611-E905C897040F}\RP45\A0125558.EXE, , [6a4a8c10166544f2d7740a1403fef40c], 
Virus.Neshta, D:\System Volume Information\_restore{B5453B3E-FC1F-403F-A611-E905C897040F}\RP45\A0125627.exe, , [b7fd801c9fdc90a6a75e2c5dd22f8d73], 
Virus.Neshta, C:\Windows\svchost.com, , [8d27742895e67cbae76264dcd42f58a8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
---------------------------------------------------------------------------------
PS: I really really appreciate your effort!


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:23 PM

Posted 09 July 2014 - 07:20 AM

Hi triet96,

 

Sorry about the delay, some stuff came up yesterday which I had to attend to.

 

Please tell me how your two drives are set up (i.e. it seems Windows is installed on C, but programs are on D).

A number of your programs on your D drive are infected, so we will have to at least remove them or wipe the drive. Do you have any documents, or non-exe files which are important to you on there?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 triet96

triet96
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 09 July 2014 - 08:05 AM

Hi xXToffeeXx,

 

I hope you have dealt with your problem thoroughly. Please, just take all the time you need to attend to your trouble. Your response is already incredibly fast for a free help service, seriously! When I first posted, I thought it would take a week... not hours :D

 

About my computer:

I install Windows and programs on drive C. I made sure I do not install anything onto drive D. However, I have portable programs that can just "fire away" and don't require any installation, which I store on drive D. Almost all other *.exe files are install packages of programs/drivers.

And yes, I do have a lot of important documents/music/videos/pictures/*.pdf/*.txt... (non-.exe) on my drive D. In addition to that, I realize that I do not have any flash drives that have enough room for even one-tenth of them.

If you're talking about deleting the .exe files, I'm okay with that 'cause they're re-downloadable. It's the non-.exes that matter. My laptop is currently hooked up to my home network. I can transfer those files from my lap to another PC. The thing is, that other PC is pretty much infected as well...

 

So, do you have any suggestions? 

 

Also, I'd like to ask you this: If a file is non-.exe, could it be infected by a virus? 'Cause if it couldn't, I may as well copy them all to the other infected PC and have every single bit on my lap wiped out.

 

Thanks a lot! 

 



#10 xXToffeeXx


Posted 10 July 2014 - 01:17 PM

Hi triet96,

 

It got sorted out, just a little more busy at the moment. Hehe, I'm glad to be of help, and quick replies are what we hope to achieve for the majority of topics.

 

"Also, I'd like to ask you this: If a file is non-.exe, could it be infected by virus? Cause if it couldn't, I may as well copy them all to the other infected pc and have every single bit on my lap wiped out."

This malware only infects exe files, so yes, you could do that if you wish. You'd need to use a recovery partition or Windows disk to reinstall though.

 

If you want, you can just re-run Malwarebytes with the instructions from post 6, but make sure to remove everything found. Then run RKill with the instructions from post 4 (no need to redownload it).

 

xXToffeeXx~


Edited by xXToffeeXx, 10 July 2014 - 01:17 PM.



#11 triet96


Posted 10 July 2014 - 03:05 PM

Hi xXToffeeXx,

You said this malware only affects exe files, so non-exe files stored on my lap won't be affected. However, what if I moved them to the other PC of mine and it happened to have some kind of virus that attacks non-exe files? Then, when I have my lap newly fully installed and have those files back, will they come with a virus?

I really think it could work out this way. I just need a word from a professional to say "it's a go" to encourage me :D

Thanks



#12 xXToffeeXx


Posted 11 July 2014 - 11:57 AM

Hi triet96,

 

Well, if you plan to move all of your files over then it would be best to make sure the other laptop is clean. If you plan to move only exes over, then you have to make sure you have all the exe files from the D drive moved (you would still need to run Malwarebytes to remove the virus file anyway). A reinstall should be done with deleting all files on that computer, but yes, that would make sure no malware could reinfect them.

 

xXToffeeXx~




#13 triet96


Posted 11 July 2014 - 03:05 PM

Hi xXToffeeXx,

 

I ran Malwarebytes to check everything on drive D on my lap. I moved all non-exe files to the other PC. I made sure I moved the least number of exe files (also they are not reported to have been infected) to that one too.

 

Encouraged by your words, I'm proceeding to have everything on my lap cleaned up! (I'm pretty eager for this too :D)

 

I guess everything is done! You have helped me so much and yet I can't do anything in return (do we have like a "thanking system" here on bleepingcomputer.com?). So, for what it is worth, I really really thank you!

 

To Bleepingcomputer.com: It seems like I'm gonna run into more virus-related trouble in the future. This website is absolutely useful for me. Thank you all!



#14 xXToffeeXx


Posted 12 July 2014 - 07:57 AM

Hi triet96,

 

Let me know how this goes. I suggest running Malwarebytes after moving the exe files to remove that svchost.com and then again to check it has really gone (RKill will be needed to fix the exe shell value I believe too). Otherwise, if it's not gone then post here and I'll make a script to remove it for you.

 

You are welcome, and we don't really have a thanking system, but just a simple thanks is always nice.

 

xXToffeeXx~


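The "exe shell value" mentioned in post #14 is the command Windows runs when an .exe is opened. The following is an added example, not part of the thread and not what RKill itself does, that audits a `reg export` of the executable file handlers for a program inserted in front of `"%1" %*`. The sample export is constructed, and the svchost.com command line in it is an assumption about how the value would look on a machine like this one.

```python
import re

# Windows default for these handlers: run the clicked file itself with its arguments.
EXPECTED = '"%1" %*'
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Default value line of a .reg export, string (REG_SZ) form only: @="..."
DEFAULT_RE = re.compile(r'^@="(?P<val>(?:[^"\\]|\\.)*)"\s*$')

# Constructed sample, e.g. what `reg export HKCR\exefile out.reg` style exports
# look like once decoded (real exports are UTF-16; open with encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
'''


def unescape(value):
    """.reg string values escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_default_values(reg_text):
    """Map each key (lower-cased) in a .reg export to its default (@) string value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DEFAULT_RE.match(line)
        if m and key:
            values[key.lower()] = unescape(m.group("val"))
    return values


def interposer(command):
    """Return the program placed in front of "%1", or None if there is none."""
    head = command.split('"%1"')[0].strip().strip('"')
    return head or None


def audit_handlers(reg_text, root="HKEY_CLASSES_ROOT"):
    """List (class, status, command) for every handler that is missing or altered."""
    values = parse_default_values(reg_text)
    findings = []
    for cls in CLASSES:
        key = f"{root}\\{cls}\\shell\\open\\command".lower()
        cmd = values.get(key)
        if cmd is None:
            findings.append((cls, "missing", None))
        elif cmd.strip() != EXPECTED:
            findings.append((cls, "hijacked", cmd))
    return findings


if __name__ == "__main__":
    for cls, status, cmd in audit_handlers(SAMPLE_EXPORT):
        print(f"{cls}: {status}: {cmd!r} (runs first: {interposer(cmd) if cmd else None})")
```

A hijacked handler explains the symptom from post #1: once the interposed file is quarantined, every .exe launch fails until the value is restored to `"%1" %*`.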


#15 triet96


Posted 13 July 2014 - 01:19 AM

Hi xXToffeeXx,

I am replying to you on my just-reinstalled lap. I had Malwarebytes check everything after the installation of Windows and it seems to be going fine now!

My problem is solved! Thank you

I think you can close this topic from now on.

Goodbye and good luck!





