My computer went a little haywire earlier today and now logging in seems to be affected.

Here are my MBAM and HJT logs and hopefully someone will be able to help. Thank you.

Malwarebytes' Anti-Malware 1.33

Database version: 1738

Windows 5.1.2600 Service Pack 3

2/8/2009 1:39:42 AM

mbam-log-2009-02-08 (01-39-42).txt

Scan type: Quick Scan

Objects scanned: 64166

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 10

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 37

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{a407fae3-6795-49fb-8a12-27ef0bb63116} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\58e6c40a (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Mike Powell\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\fprcyxcw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\hdlhnnbt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkHApMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kjdcutmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcekkmtu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_hsfd83jfdg.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\protect.sys (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\hrobc[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\islre[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\qjgguh[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\aasuper0[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\aSPhJ[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\dnxkllz[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\nddaa[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\vbclmznn[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\P0P7D11N\aasuper2[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\XOV63UKZ\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\7z.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\codeblocks.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\makehm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TMPD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nancy Powell\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\senekarwxvnsru.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:34:15 AM, on 2/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [58e6c40a] rundll32.exe "C:\WINDOWS\system32\qcxijcry.dll",b

O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\MIKEPO~1\LOCALS~1\Temp\winlognn.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMPD.tmp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKUS\S-1-5-20\..\Run: [pitedehega] Rundll32.exe "C:\WINDOWS\system32\giyesewu.dll",s (User 'NETWORK SERVICE')

O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab

O20 - AppInit_DLLs: qhjdij.dll bbsyju.dll qdlath.dll

O20 - Winlogon Notify: ddcYrQkL - ddcYrQkL.dll (file missing)

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8705 bytes


  • Root Admin

STEP 1

With all other applications closed (Taskbar empty), open HijackThis again and run Do a system scan only and place a check mark on the following items.

  • F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  • O4 - HKLM\..\Run: [58e6c40a] rundll32.exe "C:\WINDOWS\system32\qcxijcry.dll",b
  • O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\MIKEPO~1\LOCALS~1\Temp\winlognn.exe
  • O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMPD.tmp
  • O4 - HKUS\S-1-5-20\..\Run: [pitedehega] Rundll32.exe "C:\WINDOWS\system32\giyesewu.dll",s (User 'NETWORK SERVICE')
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
  • O20 - AppInit_DLLs: qhjdij.dll bbsyju.dll qdlath.dll
  • O20 - Winlogon Notify: ddcYrQkL - ddcYrQkL.dll (file missing)
  • O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)

Then Quit All Browsers including the one you're reading this in now.

Then click on Fix checked and then quit HJT.

STEP 2

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


ComboFix 09-02-07.01 - Administrator 2009-02-08 13:50:07.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.713 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\services.exe

c:\windows\system32\3.tmp

c:\windows\system32\4.tmp

c:\windows\system32\bepesata.dll.tmp

c:\windows\system32\drivers\protect.sys

c:\windows\system32\gwqypx.dll

c:\windows\system32\MlTEgNnn.ini

c:\windows\system32\MlTEgNnn.ini2

c:\windows\system32\nnNgETlM.dll.vir

c:\windows\system32\okirezun.ini

c:\windows\system32\pdxlryir.dll

c:\windows\system32\pewofesa.dll

c:\windows\system32\qdlath.dll

c:\windows\system32\tutatezu.dll.tmp

c:\windows\system32\yrcjixcq.ini

c:\windows\Tasks\illtwywq.job

----- BITS: Possible infected sites -----

hxxp://childhe.com

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PROTECT

-------\Service_Passthru

-------\Service_protect

((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))

.

2009-02-08 13:33 . 2005-10-27 19:24 49,664 -ra------ c:\windows\system32\drivers\hpzid412.sys.bak

2009-02-08 13:33 . 2005-10-27 19:24 16,496 -ra------ c:\windows\system32\drivers\hpzipr12.sys.bak

2009-02-08 13:33 . 2009-02-08 13:33 11,776 --ah----- c:\windows\system32\config\systemprofile\uuu.exe

2009-02-08 13:33 . 2009-02-08 13:33 3,584 --a------ c:\windows\jrfwotwn.exe

2009-02-08 13:33 . 2009-02-08 13:33 130 --a------ c:\windows\adobe.bat

2009-02-08 13:33 . 2009-02-08 13:45 6 --a------ c:\windows\_id.dat

2009-02-08 13:29 . 2009-02-08 13:29 64,000 --a------ c:\windows\system32\i386kd.exe

2009-02-08 13:29 . 2009-02-08 13:29 168 --a------ c:\windows\system32\2.tmp

2009-02-08 01:44 . 2009-02-08 01:44 32,256 --ah----- c:\documents and settings\Administrator\acxb.exe

2009-02-08 01:33 . 2009-02-08 01:33 <DIR> d-------- c:\program files\Trend Micro

2009-02-08 01:30 . 2009-02-08 01:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-02-08 01:24 . 2009-02-08 01:24 67,585 --a------ c:\windows\system32\20.tmp

2009-02-08 01:24 . 2009-02-08 01:24 29,184 --a------ c:\windows\system32\1F.tmp

2009-02-08 01:24 . 2009-02-08 01:24 7,073 --a------ c:\windows\system32\22.tmp

2009-02-08 01:24 . 2009-02-08 01:24 172 --a------ c:\windows\system32\1E.tmp

2009-02-07 20:58 . 2009-02-07 20:58 <DIR> d-------- c:\documents and settings\Nancy Powell\Application Data\Apple Computer

2009-02-07 19:42 . 2009-02-07 19:42 33,920 --a------ c:\windows\system32\drivers\qktksgef.sys

2009-02-07 19:41 . 2009-02-08 01:44 137,408 --a------ c:\windows\system32\drivers\ethyhoay.sys

2009-02-07 19:41 . 2009-02-08 13:33 66,560 ---h----- c:\windows\system32\secupdat.dat

2009-02-07 19:41 . 2009-02-08 13:33 53,248 --a------ c:\windows\system32\drivers\ndisio.sys

2009-02-07 19:41 . 2009-02-07 19:41 32,768 --ah----- c:\documents and settings\Nancy Powell\ouoj.exe

2009-02-07 19:38 . 2009-02-07 19:41 164,708 --a------ c:\windows\system32\17.tmp

2009-02-07 19:38 . 2009-02-07 19:38 67,585 --a------ c:\windows\system32\15.tmp

2009-02-07 19:38 . 2009-02-07 19:38 29,184 --a------ c:\windows\system32\14.tmp

2009-02-07 19:38 . 2009-02-07 19:38 172 --a------ c:\windows\system32\13.tmp

2009-02-07 11:52 . 2009-02-07 11:52 39,936 --a------ C:\xxweksc.exe

2009-02-07 11:52 . 2009-02-07 11:52 21,504 --a------ C:\wskrote.exe

2009-02-07 11:52 . 2009-02-07 11:52 21,504 --a------ C:\jwfmld.exe

2009-02-07 11:52 . 2009-02-07 11:52 2 --a------ C:\1491518629

2009-01-30 20:49 . 2009-01-30 20:49 <DIR> d-------- c:\documents and settings\Nancy Powell\Application Data\HP

2009-01-20 16:05 . 2009-02-07 19:43 764 --ah----- C:\aaw7boot.cmd

2009-01-20 14:27 . 2009-01-20 14:27 <DIR> d-------- c:\documents and settings\Mike Powell\Application Data\Malwarebytes

2009-01-20 14:22 . 2009-01-20 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-20 14:22 . 2009-01-20 14:21 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-01-20 14:22 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-20 14:22 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-20 14:18 . 2009-01-20 14:18 <DIR> d-------- c:\program files\Lavasoft

2009-01-20 14:18 . 2009-01-20 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-20 14:18 . 2009-01-20 14:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-01-20 13:37 . 2009-01-20 13:37 <DIR> d-------- c:\program files\Canon

2009-01-20 13:36 . 2009-01-20 13:36 <DIR> d-------- c:\program files\Common Files\Canon

2009-01-18 16:42 . 2000-01-18 04:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec

2009-01-18 16:42 . 2009-02-08 01:44 <DIR> d-------- c:\documents and settings\Administrator

2009-01-15 00:55 . 2009-01-15 00:55 <DIR> d-------- c:\documents and settings\Mike Powell\Application Data\F-Secure

2009-01-14 23:39 . 2009-01-15 01:04 <DIR> d-------- c:\program files\F-Secure Internet Security

2009-01-14 23:39 . 2009-01-14 23:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\fssg

2009-01-14 23:35 . 2009-01-15 00:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\f-secure

2009-01-14 22:53 . 2009-02-08 13:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-01-14 22:46 . 2009-01-14 23:28 <DIR> d-------- c:\documents and settings\Nancy Powell\Application Data\uTorrent

2009-01-14 22:25 . 2009-01-20 15:51 4 --a------ c:\windows\prpdlcze

2009-01-14 21:58 . 2009-01-14 21:58 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP

2009-01-14 21:04 . 2009-01-18 16:02 <DIR> d-------- c:\program files\RocketDock

2009-01-14 20:41 . 2003-12-13 00:40 202,763 --a------ c:\windows\system32\uxtheme.uxtender

2009-01-14 16:35 . 2009-01-14 17:33 <DIR> d-------- c:\documents and settings\Mike Powell\Application Data\Download Manager

2009-01-12 18:02 . 2008-04-14 07:00 218,624 --a------ c:\windows\system32\uxtheme.backup

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-07 19:48 --------- d-----w c:\program files\Trillian

2009-01-29 23:48 --------- d-----w c:\documents and settings\Mike Powell\Application Data\uTorrent

2009-01-28 22:21 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-15 03:24 --------- d-----w c:\program files\BigFix

2009-01-15 02:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-01-15 02:58 --------- d-----w c:\program files\Symantec

2009-01-15 02:50 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-15 01:52 202,763 ----a-w c:\windows\system32\uxtheme.dll

2009-01-10 19:18 --------- d-----w c:\program files\Google

2009-01-10 03:06 --------- d-----w c:\documents and settings\Mike Powell\Application Data\Apple Computer

2009-01-03 23:32 --------- d-----w c:\documents and settings\Mike Powell\Application Data\Media Player Classic

2008-12-19 08:21 --------- d-----w c:\program files\iTunes

2008-12-19 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Last.fm

2008-12-19 08:20 --------- d-----w c:\program files\Last.fm

2008-12-18 02:43 --------- d-----w c:\program files\Norton PC Checkup

2008-12-16 09:25 --------- d-----w c:\program files\CDisplay

2008-12-15 23:45 --------- d-----w c:\program files\QuickTime

2008-12-15 23:45 --------- d-----w c:\program files\iPod

2008-12-15 23:45 --------- d-----w c:\program files\Common Files\Apple

2008-12-15 23:45 --------- d-----w c:\program files\Bonjour

2008-12-15 23:45 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-15 23:43 --------- d-----w c:\program files\Apple Software Update

2008-12-15 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-12-15 19:11 --------- d-----w c:\program files\Ubisoft

2008-12-15 19:10 --------- d-----w c:\program files\Common Files\InstallShield

2008-12-15 06:36 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS

2008-12-15 03:20 --------- d-----w c:\program files\Combined Community Codec Pack

2008-12-12 20:16 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-08-18 21:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat

.

------- Sigcheck -------

2008-04-14 07:00 1050624 bf24e3c99638657a52bbff0a397276bb c:\windows\explorer.exe

2008-04-14 07:00 1050624 66a371085bbfb8fcfbd2f99fe82702d1 c:\windows\system32\dllcache\explorer.exe

2008-04-14 07:00 32256 b649223adec090eca1954db5ca3acd62 c:\windows\system32\ctfmon.exe

2008-04-14 07:00 32768 a4947940dffadae7bdef24b6cecb3bb6 c:\windows\system32\dllcache\ctfmon.exe

2008-04-14 07:00 74752 fc2de0c15ccc5b6670493a8304d21276 c:\windows\system32\spoolsv.exe

2008-04-14 07:00 74752 9c103d4448987e2668c1756fe504f88e c:\windows\system32\dllcache\spoolsv.exe

2008-04-14 07:00 43008 172373b6195eb3e5a97d81eb0f46fd3f c:\windows\system32\userinit.exe

2008-04-14 07:00 43008 33a53a9bc77aa02d10b57a3b23dd71c5 c:\windows\system32\dllcache\userinit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 511432]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 32256]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-24 8491008]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 229432]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 83896]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 472576]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 472576]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 72736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-24 81920]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 442368]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 69632]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"nwiz"="nwiz.exe" [2008-02-24 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"jrfwotwn.exe"="c:\windows\jrfwotwn.exe" [2009-02-08 3584]

c:\documents and settings\Mike Powell\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qktksgef.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=

"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=

"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"80:TCP"= 80:TCP:Promo

"53:UDP"= 53:UDP:Promo

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]

R0 qktksgef;qktksgef;c:\windows\system32\drivers\qktksgef.sys [2009-02-07 33920]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 33280]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 151552]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-11-22 45132]

S1 ethyhoay;ethyhoay;c:\windows\system32\drivers\ethyhoay.sys [2009-02-07 137408]

.

Contents of the 'Scheduled Tasks' folder

2009-02-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-20 14:21]

2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-14 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job

- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 21:43]

2009-02-08 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job

- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 21:43]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe

HKCU-Run-jsf8uiw3jnjgffght - c:\docume~1\MIKEPO~1\LOCALS~1\Temp\winlognn.exe

HKCU-Run-tezrtsjhfr84iusjfo84f - c:\docume~1\MIKEPO~1\LOCALS~1\Temp\csrssc.exe

HKLM-Run-LaunchApp - (no file)

HKU-Default-Run-services - c:\windows\services.exe

HKLM-Explorer_Run-services - c:\windows\services.exe

HKU-Default-Explorer_Run-services - c:\windows\services.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200

uInternet Settings,ProxyOverride = *.local

IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab

FF - ProfilePath - c:\documents and settings\Mike Powell\Application Data\Mozilla\Firefox\Profiles\vrvwtex5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.stickyscreen.org/

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-08 13:54:21

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00

c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\appcompat.txt 16188 bytes

c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\logonui.exe.hdmp 2917399 bytes

c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\logonui.exe.mdmp 476081 bytes

c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\manifest.txt 2020 bytes

scan completed successfully

hidden files: 5

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)

c:\program files\Bonjour\mdnsNSP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2009-02-08 13:56:38 - machine was rebooted [Mike Powell]

ComboFix-quarantined-files.txt 2009-02-08 18:56:33

Pre-Run: 50,189,938,688 bytes free

Post-Run: 49,361,727,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

315 --- E O F --- 2009-01-15 00:45:07

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:21, on 2009-02-08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [jrfwotwn.exe] C:\WINDOWS\jrfwotwn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [jrfwotwn.exe] C:\WINDOWS\jrfwotwn.exe (User 'Default user')

O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8837 bytes

How she look doc?


  • Root Admin

Screwed up.

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

You will need access to another Windows XP system and a CD burner and possibly the original Windows XP CD to fix this.

We can try and see if one of the Anti-Virus scanners can fix it but I don't think it can.

We'll try this one first.

Download to the desktop: Dr.Web CureIt

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found:
    [image: check.gif]
    If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    [image: move.gif]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, along with a new HijackThis log.

Dr.Web Cure It

A0017499.dll;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Trojan.Juan.80;Deleted.;

A0017503.dll;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Trojan.Virtumod.1615;Deleted.;

A0018008.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP55;Trojan.Packed.154;Deleted.;

A0018025.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP55;Trojan.DownLoad.12588;Deleted.;

A0018027.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP55;Trojan.Spambot.2424;Deleted.;

A0018599.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.Packed.154;Deleted.;

A0018616.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.DownLoad.12588;Deleted.;

A0018618.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.Spambot.2424;Deleted.;

A0018661.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.DownLoad.12588;Deleted.;

A0018718.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.Packed.154;Deleted.;

A0018720.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.Packed.154;Deleted.;

A0018746.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.Packed.140;Deleted.;

A0018921.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Trojan.Packed.140;Deleted.;

acxb.exe;C:\Documents and Settings\Administrator;Trojan.Packed.154;Deleted.;

bepesata.dll.tmp.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.1610;Deleted.;

Buildalot2.exe;C:\Program Files\eMachines Games\Build-a-lot 2;Trojan.Packed.140;Deleted.;

chglogon.exe;C:\WINDOWS\system32\dllcache;Trojan.Packed.140;Deleted.;

dxdiag.exe;C:\WINDOWS\system32\dllcache;Trojan.Packed.140;Deleted.;

gwqypx.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.80;Deleted.;

hpoapd01.exe;C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup;Trojan.Packed.140;Deleted.;

hpsjrreg.exe;C:\Program Files\HP\Digital Imaging\bin;Trojan.Packed.140;Deleted.;

i386kd.exe;C:\WINDOWS\system32;Trojan.Spambot.2424;Deleted.;

jrfwotwn.exe;c:\windows;Trojan.DownLoad.12588;Deleted.;

kinit.exe;C:\Program Files\Java\jre1.6.0_05\bin;Trojan.Packed.140;Deleted.;

ouoj.exe;C:\Documents and Settings\Nancy Powell;Trojan.Packed.154;Deleted.;

pewofesa.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.1615;Deleted.;

protect.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.429;Deleted.;

tutatezu.dll.tmp.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.1610;Deleted.;

uuu.exe;C:\WINDOWS\system32\config\systemprofile;Trojan.Packed.154;Deleted.;

HUD.Vision_by_Jiri_Mahel-v1.9.exe\Skins\HUD.Vision\Black\util\fileExec.exe;C:\Documents and Settings\Mike Powell\My Documents\Vis Style Stuff\Rain\HUD.Vision_by_Jiri_Mahel-v1.9.exe;Trojan.DownLoader.origin;;

HUD.Vision_by_Jiri_Mahel-v1.9.exe\Skins\HUD.Vision\White\util\fileExec.exe;C:\Documents and Settings\Mike Powell\My Documents\Vis Style Stuff\Rain\HUD.Vision_by_Jiri_Mahel-v1.9.exe;Trojan.DownLoader.origin;;

A0017548.EXE;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Program.PsExec.170;;

A0017656.EXE;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Program.PsExec.170;;

A0018133.EXE;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP55;Program.PsExec.170;;

A0018970.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;;

mplayer2.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;;

A0010313.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010314.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010315.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010316.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010317.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010318.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010319.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010320.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010321.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010322.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010323.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010324.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010325.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010326.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010327.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010328.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010329.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010330.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010331.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010332.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010333.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010334.EXE;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010335.EXE;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010336.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010337.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010338.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010339.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010340.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010341.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010342.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010343.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010344.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010345.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010346.scr;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010347.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010348.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010349.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010350.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010351.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010352.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010353.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010354.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010355.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010356.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010357.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010358.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010359.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010360.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010361.scr;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010362.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010363.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010364.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010365.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010366.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010367.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP53;Win32.Virut.56;Cured.;

A0010369.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0010380.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0010382.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011300.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011303.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011304.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011305.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011312.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011313.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0011314.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0013306.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0013307.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;

A0013308.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP54;Win32.Virut.56;Cured.;


drwtsn32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dumprep.exe;c:\windows\system32;Win32.Virut.56;Cured.;

dvdplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dvdupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dwwin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dxdiag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

EndingBanner.exe;C:\Nexon\Combat Arms;Win32.Virut.56;Cured.;

Engine.exe;C:\Nexon\Combat Arms;Win32.Virut.56;Cured.;

EOS Utility.exe;C:\Program Files\Canon\EOS Utility;Win32.Virut.56;Cured.;

eragent.exe;c:\acer\empowering technology\erecovery;Win32.Virut.56;Cured.;

ERDNT.EXE;C:\WINDOWS\ERDNT\subs;Win32.Virut.56;Cured.;

ERDNT.EXE;C:\WINDOWS\ERDNT\Hiv-backup;Win32.Virut.56;Cured.;

eRecovery.exe;C:\Acer\Empowering Technology\eRecovery;Win32.Virut.56;Cured.;

eRecoveryUI.exe;C:\Acer\Empowering Technology\eRecovery;Win32.Virut.56;Cured.;

ERUpdateHidden.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

esentutl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

eudcedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

eventvwr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

expand.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

explorer.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

explorer.exe;c:\windows;Win32.Virut.56;Cured.;

explorer.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.Virut.56;Cured.;

extrac32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fdsv.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

find.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

findstr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

finger.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fixmapi.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fltMc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fontview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

forcedos.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

freecell.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fsquirt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fsutil.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fxsclnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fxscover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fxssend.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fxssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

grep.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

grpconv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

help.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

HelpCtr.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;

HelpSvc.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;

hh.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

HideWin.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

HijackThis.exe;C:\Program Files\Trend Micro\HijackThis;Win32.Virut.56;Cured.;

hostname.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

HP_IZE.exe;C:\Program Files\HP\Photosmart Essential;Win32.Virut.56;Cured.;

hpqdirec.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.;

HpqPhUnl.exe;C:\Program Files\HP\Digital Imaging\Unload;Win32.Virut.56;Cured.;

hpqpprop.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.;

hpqste08.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.;

hpqtbx01.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.;

hpqtra08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.56;Cured.;

hpqusgl.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.;

hpqwrg.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.;

hprbui.exe;C:\Program Files\HP\Digital Imaging\Product Assistant\bin;Win32.Virut.56;Cured.;

HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe;C:\WINDOWS\Installer\{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93};Win32.Virut.56;Cured.;

HPWUCli.exe;C:\Program Files\HP\HP Software Update;Win32.Virut.56;Cured.;

hpwuschd2.exe;c:\program files\hp\hp software update;Win32.Virut.56;Cured.;

HPZinw12.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

hpzipm12.exe;c:\windows\system32;Win32.Virut.56;Cured.;

hpzscr01.exe;C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup;Win32.Virut.56;Cured.;

hrtzzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

HSUpdate.exe;C:\Nexon\Combat Arms\HShield;Win32.Virut.56;Cured.;

HWID_detect.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.;

i386kd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

icon.exe;C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71};Win32.Virut.56;Cured.;

icwconn1.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

icwconn2.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

icwrmind.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

icwtutor.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;

iedw.exe;C:\Program Files\Internet Explorer;Win32.Virut.56;Cured.;

ieudinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;

iexpress.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.;

imjpmig.exe;c:\windows\ime\imjp8_1;Win32.Virut.56;Cured.;

imscinst.exe;c:\windows\system32\ime\pintlgnt;Win32.Virut.56;Cured.;

inetwiz.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

ipconfig.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ipsec6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ipv6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ipxroute.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

isignup.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

IsUninst.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

java.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

javaw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

javaws.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

javaws.exe;C:\Program Files\Java\jre1.6.0_07\bin;Win32.Virut.56;Cured.;

keystone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

label.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

language.exe;c:\program files\cyberlink\powerdvd\language;Win32.Virut.56;Cured.;

LastFM.exe;C:\Program Files\Last.fm;Win32.Virut.56;Cured.;

lights.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lnkstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

locator.exe;c:\windows\system32;Win32.Virut.56;Cured.;

lodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logagent.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logoff.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logon.scr;c:\windows\system32;Win32.Virut.56;Cured.;

logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;

lpq.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lpr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lssrvc.exe;c:\program files\common files\lightscribe;Win32.Virut.56;Cured.;

magnify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

makecab.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Virut.56;Cured.;

MicCal.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

migpwd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

migrate.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;

mmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mmcperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

mobsync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mofcomp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

mountvol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

moviemk.exe;C:\Program Files\Movie Maker;Win32.Virut.56;Cured.;

mplay32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mplayer2.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

mplayerc.exe;C:\Program Files\Combined Community Codec Pack\MPC;Win32.Virut.56;Cured.;

mpnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mrinfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

msfeedssync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

msg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mshearts.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mshta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.;

msimn.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

msinfo32.exe;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.;

msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.;

mspaint.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

msswchx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mstinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mstsc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

napstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

narrator.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nbtstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nddeapir.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

net.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

net1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;

netsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

netsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

netstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe;C:\WINDOWS\Installer\{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6};Win32.Virut.56;Cured.;

NewShortcut1_12EFA1A4AC3B443C8143237EDE760403.exe;C:\WINDOWS\Installer\{12EFA1A4-AC3B-443C-8143-237EDE760403};Win32.Virut.56;Cured.;

NewShortcut1_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe;C:\WINDOWS\Installer\{CE386A4E-D0DA-4208-8235-BCE43275C694};Win32.Virut.56;Cured.;

NewShortcut11_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut2_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe;C:\WINDOWS\Installer\{CE386A4E-D0DA-4208-8235-BCE43275C694};Win32.Virut.56;Cured.;

NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe;C:\WINDOWS\Installer\{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE};Win32.Virut.56;Cured.;

NewShortcut3_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut6_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut7_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut8_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NewShortcut9_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.;

NIRCMD.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

NMService.exe;C:\Nexon\Combat Arms;Win32.Virut.56;Cured.;

notepad.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

NOTEPAD.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;

nslookup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ntsd.exe;c:\windows\system32;Win32.Virut.56;Cured.;

ntvdm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvappbar.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvcolor.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvdspsch.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvsvc32.exe;c:\windows\system32;Win32.Virut.56;Cured.;

nvudisp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

NVUNINST.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvunrm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvusmb.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nwiz.exe;c:\windows\system32;Win32.Virut.56;Cured.;

odbcad32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

odbcconf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

oemig50.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

osk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

osuninst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ouoj.exe;C:\Documents and Settings\Nancy Powell;Win32.Virut.56;Cured.;

packager.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

pathping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

pentnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

perfmon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

PictureViewer.exe;C:\Program Files\QuickTime;Win32.Virut.56;Cured.;

PINBALL.EXE;C:\Program Files\Windows NT\Pinball;Win32.Virut.56;Cured.;

ping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ping6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

places.exe;C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227};Win32.Virut.56;Cured.;

powercfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

print.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

progman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

proquota.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

proxycfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

qappsrv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

qprocess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

qttask.exe;c:\program files\quicktime;Win32.Virut.56;Cured.;

qwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rasautou.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rasdial.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rasphone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rcimlby.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rcp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rdpclip.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rdsaddin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rdshost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

recover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

reg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

regedit.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

regedt32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

regini.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

regipe.exe;C:\Program Files\HP\Digital Imaging\DocProc;Win32.Virut.56;Cured.;

regsvr32.exe;c:\windows\system32;Win32.Virut.56;Cured.;

regwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

replace.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

reset.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rexec.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

route.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

routemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsmsink.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsmui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rstrui.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;

rsvp.exe;c:\windows\system32;Win32.Virut.56;Cured.;

rtcshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rthdcpl.exe;c:\windows;Win32.Virut.56;Cured.;

RTLCPL.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

RtlUpd.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

runas.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rundll32.exe;c:\windows\system32;Win32.Virut.56;Cured.;

runonce.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

Rvsezm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

rwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

savedump.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

scardsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;

schedulersvc.exe;c:\program files\newtech infosystems\nti backup now 5;Win32.Virut.56;Cured.;

scrcons.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

scrnsave.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sdbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sed.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

services.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.Virut.56;Cured.;

sessmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;

sethc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

setup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

setup_wm.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

setup50.exe;c:\program files\outlook express;Win32.Virut.56;Cured.;

setupn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sfc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shadow.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shmgrate.exe;c:\windows\system32;Win32.Virut.56;Cured.;

shrpubw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shutdown.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shvlzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

sigverif.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

skeys.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

SkyTel.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

slsk.exe;C:\Program Files\SoulseekNS;Win32.Virut.56;Cured.;

smbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

smlogsvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

sndrec32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sndvol32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sort.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

SoundMan.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

spider.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spoolsv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

spoolsv.exe;c:\windows\system32;Win32.Virut.56;Cured.;

spoolsv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;

ss3dfo.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssbezier.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssflwbox.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssmarque.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssmypics.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssmyst.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sspipes.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssstars.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sstext3d.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

stimon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

STLauncher.exe;C:\Program Files\Canon\PhotoStitch;Win32.Virut.56;Cured.;

subst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

SWREG.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

SWSC.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

SWXCACLS.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

syncapp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

syskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sysocmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

systray.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

taskman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

TASKMAN.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;

taskmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tcmsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tcpsvcs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

telnet.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tintsetp.exe;c:\windows\system32\ime\tintlgnt;Win32.Virut.56;Cured.;

tourstart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tracert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tracert6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tsdiscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tskill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tsshutdn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

twunk_32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

Uninstall_eRecovery.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

unlodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

unregmp2.exe;c:\windows\inf;Win32.Virut.56;Cured.;

unsecapp.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;

upnpcont.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ups.exe;c:\windows\system32;Win32.Virut.56;Cured.;

userinit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

userinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;

userinit.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;

usrmlnka.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

usrprbda.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

usrshuta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

utilman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

uwdf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

verclsid.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

verifier.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

VFIND.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

viewpointservice.exe;c:\program files\viewpoint\common;Win32.Virut.56;Cured.;

vssadmin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

vssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

w32tm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wab.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

wabmig.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

wb32.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;

wbemtest.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

wdfmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wextract.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wiaacmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

WinFXDocObj.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winhlp32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winhlp32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

winmgmt.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;

winmine.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winmsd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

WinRAR.exe;C:\Program Files\WinRAR;Win32.Virut.56;Cured.;

winver.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

WISPTIS.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wmdbexport.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmiadap.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;

wmiprvse.exe;c:\windows\system32\wbem;Win32.Virut.56;Will be cured after restart.;

wmiprvse.exe.delete_on_reboot;C:\WINDOWS\system32\wbem;Win32.Virut.56;Will be cured after restart.;

wmlaunch.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmpenc.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmplayer.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmpnetwk.exe;c:\program files\windows media player;Win32.Virut.56;Cured.;

wmpnscfg.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmpshare.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmsetsdk.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wordpad.exe;C:\Program Files\Windows NT\Accessories;Win32.Virut.56;Cured.;

wpabaln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wpdshextautoplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wpnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

write.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wscntfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wuauclt1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

WudfHost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wupdmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

xcopy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.56;Cured.;

xxweksc.exe;C:\;Win32.Virut.56;Cured.;

xxweksc.exe;C:\;Win32.Virut.56;Cured.;

zip.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

zplayer.exe;C:\Program Files\Combined Community Codec Pack\Zoom Player;Win32.Virut.56;Cured.;

A0018704.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Incurable.Moved.;

A0018705.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Incurable.Moved.;

HUD.Vision_by_Jiri_Mahel-v1.9.exe;C:\Documents and Settings\Mike Powell\My Documents\Vis Style Stuff\Rain;Archive contains infected objects;Moved.;

jwfmld.exe;C:\;Win32.Virut.56;Incurable.Moved.;

wskrote.exe;C:\;Win32.Virut.56;Incurable.Moved.;

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:22, on 2009-02-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\dumprep.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [Power2GoExpress] NA (User '?')

O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')

O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - S-1-5-21-2350346248-1977711859-2420409974-1007 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')

O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')

O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9526 bytes

Thanks for the help.

Is anything here also affecting my internet connection as well? Because when trying to repair my connection, it's saying that it failed to query TCP/IP settings of the connection. Cannot proceed.

Just wondering if this had anything to do with my current infection, or if it was caused by running ComboFix.


  • Root Admin

Well, it is the common belief that this computer should be formatted and Windows re-installed.

This virus: Win32.Virut.56 has screwed with just about every EXE file on your system and trusting it ever again even though potentially cleaned up is impossible. Too many files and too much damage has been done.

My recommendation is to back up your data and FDISK, FORMAT, Re-install Windows.

It's up to you though and we can continue to attempt to clean up the system as best as possible, just let me know what you want to do.


  • Root Admin

You could try Symantec AV, or Kaspersky AV and see if they can clean it up some enough to use.

But apparently this is an updated attack and the current AV may not be up to fixing it either, but worth a shot I suppose, but remember that you cannot trust this box anymore even if you do get it operational again.
