View Full Version : Win 32 heur... i think.
devilsfrog
2009-02-28, 01:49
I was just browsing around and then my avg went crazy. Starting saying bunches of files were infected. At this time i can only boot into safe mode. i did back up my registry and then i got the hijack log and the second one is a scan of spybot. i did not remove anything i just ran it to see what it would say. avg finds nothing in safemode, but then again it will only do a very basic scan for some reason.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:45 PM, on 2/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\avgssie.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diamondback] E:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU\..\Run: [Malware Sweeper] E:\Program Files\MalwareSweeper\MalSwep.exe /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210052857046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Bluetooth\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
----- Search result list ---
Refpron: [SBI $F531BF62] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\m
Refpron: [SBI $CAF76633] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso
Refpron: [SBI $CAF76633] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udaf
Refpron: [SBI $70C182F0] System file (File, nothing done)
C:\WINDOWS\system32\udxfytw.sys
Properties.size=32768
Properties.md5=3100138B8D41033C0D50BF85BEB1EBDC
Properties.filedate=1235431686
Properties.filedatetext=2009-02-23 17:28:06
Win32.Delf.rtk: [SBI $B2ADE84B] System file (File, nothing done)
C:\WINDOWS\system32\comsa32.sys
Properties.size=8
Properties.md5=CEE3959C5E3B0602BB7B181607F52CFD
Properties.filedate=1235052298
Properties.filedatetext=2009-02-19 08:04:58
Win32.Delf.rtk: [SBI $97640337] Executable (File, nothing done)
C:\WINDOWS\system32\afisicx.exe
Properties.size=37888
Properties.md5=268A3619DEB28A23D5F59828DA3459B6
Properties.filedate=1091620800
Properties.filedatetext=2004-08-04 06:00:00
Win32.Delf.rtk: [SBI $578113FE] Executable (File, nothing done)
C:\WINDOWS\system32\soxpeca.exe
Properties.size=37888
Properties.md5=9EA6BF65658E1346316D8E05AABFBCFD
Properties.filedate=1091620800
Properties.filedatetext=2004-08-04 06:00:00
Win32.Delf.rtk: [SBI $E4A597F0] File (File, nothing done)
C:\WINDOWS\system32\tpszxyd.sys
Properties.size=242688
Properties.md5=5EC27B0722C9157BD385067398B0F925
Properties.filedate=1091620800
Properties.filedatetext=2004-08-04 06:00:00
Win32.Delf.rtk: [SBI $68C12074] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca
Win32.Delf.rtk: [SBI $B426EE4B] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca
Win32.Delf.rtk: [SBI $5E1B1ABB] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx
Win32.Delf.rtk: [SBI $82FCD484] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx
Win32.Delf.uc: [SBI $88B8013A] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Win32.Delf.uc: [SBI $14B30E85] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Hi devilsfrog
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
devilsfrog
2009-03-01, 00:18
Shaba
I did read over the ComboFix and attemped it. I tried to run it, but all it did was say that my AVG was still running. I checked the task manager and system tray and it is not in either. When I clicked ok any way cause the ComboFix guide says if it is not located in those then it is disabled. It says "Date Error: Sat 02/28/2009 Check your settings", but that is today. Am I missing something?
Thanks
devilsfrog
Please attempt then to redownload combofix and run it in safe mode, please.
devilsfrog
2009-03-01, 22:02
Shaba
Here is the information requested:
COMBO LOG:
ComboFix 09-02-28.01 - Administrator 2009-03-01 14:49:38.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1793 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: NVIDIA Firewall *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Install.txt
c:\windows\system32\afisicx.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\Install.txt
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\soxpeca.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\udxfytw.sys
c:\windows\xccwinsys.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_SOXPECA
-------\Service_afisicx
-------\Service_soxpeca
((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-02-25 23:46 . 2009-02-25 23:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2009-02-25 22:30 . 2009-02-25 22:30 <DIR> d-------- c:\windows\LastGood.Tmp
2009-02-24 21:48 . 2009-02-24 21:48 <DIR> d-------- c:\documents and settings\Administrator
2009-02-24 21:05 . 2002-02-15 14:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-24 21:05 . 2009-02-24 06:02 155,227 --a------ c:\windows\system\xccef090131.exe
2009-02-21 16:01 . 2009-02-21 16:02 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
2009-02-19 21:49 . 2009-02-19 21:51 57 --a------ c:\windows\TUTORI~1.INI
2009-02-19 21:36 . 2009-02-24 21:11 2,194 --a------ c:\documents and settings\Laura\Application Data\SAS7_000.DAT
2009-02-19 19:48 . 2009-02-19 19:48 <DIR> d-------- c:\documents and settings\Laura\Application Data\Nuance
2009-02-19 19:46 . 2009-02-19 19:48 <DIR> d-------- c:\windows\speech
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\program files\Common Files\Nuance
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nuance
2009-02-11 23:32 . 2009-02-11 23:32 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\agi
2009-02-11 21:05 . 2009-02-24 21:22 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-11 20:41 . 2009-02-24 18:07 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-11 20:41 . 2009-02-11 20:41 <DIR> d-------- c:\program files\AVG
2009-02-11 20:41 . 2009-02-24 21:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-11 20:41 . 2009-02-11 20:41 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-11 20:41 . 2009-02-11 20:41 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-11 20:41 . 2009-02-11 20:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\program files\Kiwee Toolbar
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\program files\AGI
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\LocalService\Application Data\agi
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\Laura\Application Data\agi
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\agi
2009-02-08 21:34 . 2009-02-08 21:34 2,117,632 --a------ c:\windows\system32\python25.dll
2009-02-08 21:34 . 2008-09-16 10:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2009-02-08 21:34 . 2009-02-08 21:34 339,968 --a------ c:\windows\system32\pythoncom25.dll
2009-02-08 21:34 . 2009-02-08 21:34 114,688 --a------ c:\windows\system32\pywintypes25.dll
2009-02-04 23:44 . 2009-02-04 23:44 <DIR> d-------- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 07:19 --------- d-----w c:\documents and settings\Laura\Application Data\GetRightToGo
2009-02-12 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 17:40 --------- d-----w c:\program files\QuickTime
2009-01-31 17:39 --------- d-----w c:\program files\Common Files\Apple
2009-01-24 18:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-01-20 02:20 --------- d-----w c:\program files\Common Files\PocketSoft
2009-01-11 19:38 --------- d-----w c:\documents and settings\Laura\Application Data\Sony Corporation
2009-01-11 19:34 --------- d--h--w c:\program files\InstallShield Installation Information
.
------- Sigcheck -------
2008-04-13 18:12 31744 795800abbaddba7b7e88d0d49533bd2f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 06:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe
2004-08-04 06:00 31232 430df4c5a697b3aec8a4a961a23c7912 c:\windows\system32\dllcache\svchost.exe
2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 06:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2008-04-13 18:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\system32\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\system32\dllcache\user32.dll
2008-04-13 18:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll
2004-08-04 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\dllcache\ws2_32.dll
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 04:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 05:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys
2008-04-13 18:12 524800 1711783c38123ca1bc2869a43d5fa45e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 06:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe
2004-08-04 06:00 519680 901293dbd51d4c7308c1f997e2b4ac2d c:\windows\system32\dllcache\winlogon.exe
2008-04-13 13:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2004-08-04 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2008-04-13 12:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
2004-08-04 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys
2007-06-13 04:23 1050624 9e8858660ce2d8877219ead654a4eb65 c:\windows\explorer.exe
2007-06-13 05:26 1050624 0403dd7054c97ca283b41b1b3f442977 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:00 1049088 eac5fa54be5867d38eda17daf9f120fe c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 18:12 1050624 e870596452ad6d77fc9102d22ecde99a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 04:23 1050112 3192aa8754284f9b8f9c0af42d02f522 c:\windows\system32\dllcache\explorer.exe
2008-04-13 18:12 125952 7ecbe32f63466c0eed3c9442918c6d08 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe
2004-08-04 06:00 125440 ff0d9270393f95c8cc0d50fce41764f5 c:\windows\system32\dllcache\services.exe
2008-04-13 18:12 30720 1c937a8f35fe13aa09b5f8c631548692 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe
2004-08-04 06:00 30720 8b3ecd6c7c4d5b5021f016e6a67e5969 c:\windows\system32\dllcache\lsass.exe
2008-04-13 18:12 32256 b723025893b0de29680e12f190c1fd46 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 06:00 32256 6f2df587be7cbf0f0f9a8adbb77d3b3f c:\windows\system32\ctfmon.exe
2004-08-04 06:00 32256 3a2a57aa53078dee19521f456aaeb228 c:\windows\system32\dllcache\ctfmon.exe
2005-06-10 18:17 74752 051c5914ee6ab02ae41ed33cbdc3f3bc c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 06:00 74752 741f9e5f7157178f960744f11f8a1d49 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2005-06-10 17:53 75264 c23302196af4e3c2874c32b8063378ee c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
2005-06-10 18:17 75264 0f5e67e92a48f5cf36bb7e93ab2e989b c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe
2008-04-13 18:12 74752 edfac040c20a9fa4bae52ff36a1235dc c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 17:53 74752 2666bcd45fceb7c2da198edd45c92c71 c:\windows\system32\spoolsv.exe
2005-06-10 17:53 75264 81802b19b1525198c08e4e56ee627cc2 c:\windows\system32\dllcache\spoolsv.exe
2008-04-13 18:12 43008 10e80c56164079272094f2b0a68c12bb c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 06:00 41472 aab9606562d634bbcf1eee8453cc3457 c:\windows\system32\userinit.exe
2004-08-04 06:00 41984 aa536d60f16ca1bca13be5a1a97c8691 c:\windows\system32\dllcache\userinit.exe
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
2004-08-04 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
2004-08-04 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2004-08-04 06:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2gdr\kernel32.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2qfe\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll
2008-04-13 18:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
2004-08-04 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll
2004-08-04 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\dllcache\powrprof.dll
2008-04-13 18:11 110080 0da85218e92526972a821587e6a8bf8f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
2004-08-04 06:00 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\imm32.dll
2004-08-04 06:00 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\dllcache\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2009-02-08 21:34 277648 --a------ c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2009-02-08 277648]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malware Sweeper"="e:\program files\MalwareSweeper\MalSwep.exe" [2007-11-11 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"Diamondback"="e:\program files\Razer\razerhid.exe" [2007-08-01 167936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-11 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 434176]
"KiweeHook"="c:\program files\Kiwee Toolbar\2.8.167\kwtbaim.exe" [2009-02-08 76936]
"AVG8_TRAY"="e:\progra~1\AVG\avgtray.exe" [2009-02-11 1601304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DNS7reminder"="e:\program files\Dragon\Ereg\Ereg.exe" [2006-11-27 255528]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 435736]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - e:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 20:41 10520 c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--------- 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
-----c--- 2003-10-23 18:51 253952 c:\program files\Hp\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
-----c--- 2003-06-25 10:24 69632 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
-----c--- 2005-07-22 20:33 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
-----c--- 2005-04-29 17:22 286720 c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 434176 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 e:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
-----c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-11 00:41 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2005-04-14 21:01 98304 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft\\MigWiz\\migwiz.exe"=
"c:\\Program Files\\Joost Plugin\\joostws.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\AVG\\avgupd.exe"=
"e:\\Program Files\\AVG\\avgnsx.exe"=
"e:\\Program Files\\Sacred\\Sacred.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2007-04-27 120320]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-11 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-11 107272]
S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-02-08 27648]
S2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\avgwdsvc.exe [2009-02-11 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-29 45132]
S3 PCD65X2;PCD65X2;\??\c:\docume~1\Laura\LOCALS~1\Temp\PCD65X2.sys --> c:\docume~1\Laura\LOCALS~1\Temp\PCD65X2.sys [?]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-06-01 13225]
.
Contents of the 'Scheduled Tasks' folder
2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - e:\program files\Winamp\winampa.exe
HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\\nTune.exe
.
------- Supplementary Scan -------
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 14:53:58
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-03-01 14:55:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-01 20:55:48
Pre-Run: 11,377,012,736 bytes free
Post-Run: 12,970,024,960 bytes free
284 --- E O F --- 2009-02-12 00:04:32
NEW HIJACK LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59, on 2009-03-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\avgssie.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diamondback] E:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Malware Sweeper] E:\Program Files\MalwareSweeper\MalSwep.exe /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210052857046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Bluetooth\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9348 bytes
Please see my link above how to install manually recovery console.
After that, please rerun combofix and post back a fresh combofix log and a fresh hijackthis log.
devilsfrog
2009-03-02, 07:13
Shaba,
Sorry about that here you go:
ComboFix 09-02-28.01 - Administrator 2009-03-01 23:58:38.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1782 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: NVIDIA Firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\userinit.exe . . . is infected!!
c:\windows\system32\spoolsv.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.
2009-02-25 23:46 . 2009-02-25 23:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2009-02-25 22:30 . 2009-02-25 22:30 <DIR> d-------- c:\windows\LastGood.Tmp
2009-02-24 21:48 . 2009-02-24 21:48 <DIR> d-------- c:\documents and settings\Administrator
2009-02-24 21:05 . 2002-02-15 14:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-24 21:05 . 2009-02-24 06:02 155,227 --a------ c:\windows\system\xccef090131.exe
2009-02-21 16:01 . 2009-02-21 16:02 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
2009-02-19 21:49 . 2009-02-19 21:51 57 --a------ c:\windows\TUTORI~1.INI
2009-02-19 21:36 . 2009-02-24 21:11 2,194 --a------ c:\documents and settings\Laura\Application Data\SAS7_000.DAT
2009-02-19 19:48 . 2009-02-19 19:48 <DIR> d-------- c:\documents and settings\Laura\Application Data\Nuance
2009-02-19 19:46 . 2009-02-19 19:48 <DIR> d-------- c:\windows\speech
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\program files\Common Files\Nuance
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-19 19:46 . 2009-02-19 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nuance
2009-02-11 23:32 . 2009-02-11 23:32 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\agi
2009-02-11 21:05 . 2009-02-24 21:22 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-11 20:41 . 2009-02-24 18:07 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-11 20:41 . 2009-02-11 20:41 <DIR> d-------- c:\program files\AVG
2009-02-11 20:41 . 2009-02-24 21:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-11 20:41 . 2009-02-11 20:41 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-11 20:41 . 2009-02-11 20:41 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-11 20:41 . 2009-02-11 20:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\program files\Kiwee Toolbar
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\program files\AGI
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\LocalService\Application Data\agi
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\Laura\Application Data\agi
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\agi
2009-02-08 21:34 . 2009-02-08 21:34 2,117,632 --a------ c:\windows\system32\python25.dll
2009-02-08 21:34 . 2008-09-16 10:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2009-02-08 21:34 . 2009-02-08 21:34 339,968 --a------ c:\windows\system32\pythoncom25.dll
2009-02-08 21:34 . 2009-02-08 21:34 114,688 --a------ c:\windows\system32\pywintypes25.dll
2009-02-04 23:44 . 2009-02-04 23:44 <DIR> d-------- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-19 07:19 --------- d-----w c:\documents and settings\Laura\Application Data\GetRightToGo
2009-01-31 17:40 --------- d-----w c:\program files\QuickTime
2009-01-31 17:39 --------- d-----w c:\program files\Common Files\Apple
2009-01-24 18:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-01-20 02:20 --------- d-----w c:\program files\Common Files\PocketSoft
2009-01-11 19:38 --------- d-----w c:\documents and settings\Laura\Application Data\Sony Corporation
2009-01-11 19:34 --------- d--h--w c:\program files\InstallShield Installation Information
.
------- Sigcheck -------
2008-04-13 18:12 31744 795800abbaddba7b7e88d0d49533bd2f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 06:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe
2004-08-04 06:00 31232 430df4c5a697b3aec8a4a961a23c7912 c:\windows\system32\dllcache\svchost.exe
2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 06:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2008-04-13 18:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\system32\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\system32\dllcache\user32.dll
2008-04-13 18:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll
2004-08-04 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\dllcache\ws2_32.dll
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 04:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 05:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys
2008-04-13 18:12 524800 1711783c38123ca1bc2869a43d5fa45e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 06:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe
2004-08-04 06:00 519680 901293dbd51d4c7308c1f997e2b4ac2d c:\windows\system32\dllcache\winlogon.exe
2008-04-13 13:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2004-08-04 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2008-04-13 12:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
2004-08-04 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys
2007-06-13 04:23 1050112 8e9bd4109c0c8d4d3fa26ab0a2cbd982 c:\windows\explorer.exe
2007-06-13 05:26 1050624 0403dd7054c97ca283b41b1b3f442977 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:00 1049088 eac5fa54be5867d38eda17daf9f120fe c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 18:12 1050624 e870596452ad6d77fc9102d22ecde99a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 04:23 1050112 3192aa8754284f9b8f9c0af42d02f522 c:\windows\system32\dllcache\explorer.exe
2008-04-13 18:12 125952 7ecbe32f63466c0eed3c9442918c6d08 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe
2004-08-04 06:00 125440 ff0d9270393f95c8cc0d50fce41764f5 c:\windows\system32\dllcache\services.exe
2008-04-13 18:12 30720 1c937a8f35fe13aa09b5f8c631548692 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe
2004-08-04 06:00 30720 8b3ecd6c7c4d5b5021f016e6a67e5969 c:\windows\system32\dllcache\lsass.exe
2008-04-13 18:12 32256 b723025893b0de29680e12f190c1fd46 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 06:00 32256 6f2df587be7cbf0f0f9a8adbb77d3b3f c:\windows\system32\ctfmon.exe
2004-08-04 06:00 32256 3a2a57aa53078dee19521f456aaeb228 c:\windows\system32\dllcache\ctfmon.exe
2005-06-10 18:17 74752 051c5914ee6ab02ae41ed33cbdc3f3bc c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 06:00 74752 741f9e5f7157178f960744f11f8a1d49 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2005-06-10 17:53 75264 c23302196af4e3c2874c32b8063378ee c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
2005-06-10 18:17 75264 0f5e67e92a48f5cf36bb7e93ab2e989b c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe
2008-04-13 18:12 74752 edfac040c20a9fa4bae52ff36a1235dc c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 17:53 74752 62dc69916306d7141561c5ff2e742a59 c:\windows\system32\spoolsv.exe
2005-06-10 17:53 75264 81802b19b1525198c08e4e56ee627cc2 c:\windows\system32\dllcache\spoolsv.exe
2008-04-13 18:12 43008 10e80c56164079272094f2b0a68c12bb c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 06:00 41472 29e405081ff3a4a4814743212e2a4987 c:\windows\system32\userinit.exe
2004-08-04 06:00 41984 aa536d60f16ca1bca13be5a1a97c8691 c:\windows\system32\dllcache\userinit.exe
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
2004-08-04 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
2004-08-04 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2004-08-04 06:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2gdr\kernel32.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2qfe\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll
2008-04-13 18:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
2004-08-04 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll
2004-08-04 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\dllcache\powrprof.dll
2008-04-13 18:11 110080 0da85218e92526972a821587e6a8bf8f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
2004-08-04 06:00 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\imm32.dll
2004-08-04 06:00 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\dllcache\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2009-02-08 21:34 277648 --a------ c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2009-02-08 277648]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malware Sweeper"="e:\program files\MalwareSweeper\MalSwep.exe" [2007-11-11 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"Diamondback"="e:\program files\Razer\razerhid.exe" [2007-08-01 167936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-11 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 434176]
"KiweeHook"="c:\program files\Kiwee Toolbar\2.8.167\kwtbaim.exe" [2009-02-08 76936]
"AVG8_TRAY"="e:\progra~1\AVG\avgtray.exe" [2009-02-11 1601304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DNS7reminder"="e:\program files\Dragon\Ereg\Ereg.exe" [2006-11-27 255528]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [BU]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
"RegistryMechanic"="" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 435736]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - e:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 20:41 10520 c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--------- 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
-----c--- 2003-10-23 18:51 253952 c:\program files\Hp\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
-----c--- 2003-06-25 10:24 69632 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
-----c--- 2005-07-22 20:33 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
-----c--- 2005-04-29 17:22 286720 c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
c:\program files\NVIDIA Corporation\nTune\\nTune.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 434176 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 e:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
-----c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-11 00:41 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2005-04-14 21:01 98304 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft\\MigWiz\\migwiz.exe"=
"c:\\Program Files\\Joost Plugin\\joostws.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\AVG\\avgupd.exe"=
"e:\\Program Files\\AVG\\avgnsx.exe"=
"e:\\Program Files\\Sacred\\Sacred.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2007-04-27 120320]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-11 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-11 107272]
S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-02-08 27648]
S2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\avgwdsvc.exe [2009-02-11 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-29 45132]
S3 PCD65X2;PCD65X2;\??\c:\docume~1\Laura\LOCALS~1\Temp\PCD65X2.sys --> c:\docume~1\Laura\LOCALS~1\Temp\PCD65X2.sys [?]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-06-01 13225]
.
Contents of the 'Scheduled Tasks' folder
2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 00:07:02
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(228)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-03-02 0:08:53 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-03-02 06:08:50
ComboFix2.txt 2009-03-02 05:53:33
ComboFix3.txt 2009-03-02 05:46:37
ComboFix4.txt 2009-03-01 20:55:51
Pre-Run: 13,128,343,552 bytes free
Post-Run: 13,113,667,584 bytes free
273 --- E O F --- 2009-02-12 00:04:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:17 AM, on 3/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\avgssie.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diamondback] E:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Malware Sweeper] E:\Program Files\MalwareSweeper\MalSwep.exe /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210052857046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Bluetooth\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9227 bytes
Please click this link-->Jotti (http://virusscan.jotti.org/)
Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
c:\windows\system32\userinit.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
Repeat steps for all files on the list.
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
devilsfrog
2009-03-03, 01:45
Shaba here is the scans by Jotti:
c:\windows\system32\userinit.exe
Scan taken on 03 Mar 2009 00:37:33 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Virus.Win32.Virut.q
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
c:\windows\system32\spoolsv.exe
Scan taken on 03 Mar 2009 00:39:52 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
c:\windows\explorer.exe
Scan taken on 03 Mar 2009 00:42:20 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan.Win32.Patched
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Those seem to be bad.
Please upload these files next, sorry that there are so many but we will need to find out if your system files are infected:
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
c:\windows\system32\dllcache\svchost.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\dllcache\winlogon.exe
c:\windows\explorer.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 04:23 1050112 3192aa8754284f9b8f9c0af42d02f522 c:\windows\system32\dllcache\explorer.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
c:\windows\system32\services.exe
c:\windows\system32\dllcache\services.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
c:\windows\system32\lsass.exe
c:\windows\system32\dllcache\lsass.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
c:\windows\system32\dllcache\spoolsv.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
c:\windows\system32\dllcache\userinit.exe
devilsfrog
2009-03-03, 07:25
Shaba
here is most of the files requested. my only problem is there is no folder dllcache under the system32.
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
Scan taken on 03 Mar 2009 06:14:32 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\svchost.exe
there is no folder dllcache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
Scan taken on 03 Mar 2009 06:20:03 (GMT)
A-Squared Found Trojan.Win32.Patched!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan.Win32.Patched
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\winlogon.exe
Scan taken on 03 Mar 2009 06:22:21 (GMT)
A-Squared Found Trojan.Win32.Patched!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan.Win32.Patched
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\winlogon.exe
there is no folder dllcache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
c:\windows\explorer.scf
Scan taken on 03 Mar 2009 05:59:59 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
Scan taken on 03 Mar 2009 06:02:43 (GMT)
A-Squared Found Trojan.Win32.Patched!IK
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan.Win32.Patched
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\explorer.exe
there is no folder dllcache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
Scan taken on 03 Mar 2009 06:09:41 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\services.exe
Scan taken on 03 Mar 2009 05:47:33 (GMT)
A-Squared Found Virus.Win32.Virut.q!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Virus.Win32.Virut.q
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\services.exe
there is no folder dllcache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
Scan taken on 03 Mar 2009 06:05:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\lsass.exe
Scan taken on 03 Mar 2009 05:44:25 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\lsass.exe
there is no folder dllcache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
Scan taken on 03 Mar 2009 06:12:04 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\spoolsv.exe
there is no folder dllcache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
Scan taken on 03 Mar 2009 06:17:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\userinit.exe
there is no folder dllcache
There is but it is hidden system folder.
See here (http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp) how to unhide them and let me know if you can now find them.
devilsfrog
2009-03-04, 02:50
these files are from the dllcache folder. thank you for link showing how to find them.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\explorer.exe
Scan taken on 04 Mar 2009 01:32:00 (GMT)
A-Squared Found Trojan.Win32.Patched!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan.Win32.Patched
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\winlogon.exe
Scan taken on 04 Mar 2009 01:44:53 (GMT)
A-Squared Found Trojan.Win32.Patched!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Patched.E.gen!Eldorado
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan.Win32.Patched
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\svchost.exe
Scan taken on 04 Mar 2009 01:39:56 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\services.exe
Scan taken on 04 Mar 2009 01:37:30 (GMT)
A-Squared Found Virus.Win32.Virut.q!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found Virus.Win32.Virut.q
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\spoolsv.exe
Scan taken on 04 Mar 2009 01:47:50 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\lsass.exe
Scan taken on 04 Mar 2009 01:34:52 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\windows\system32\dllcache\userinit.exe
Scan taken on 04 Mar 2009 01:42:27 (GMT)
A-Squared Found Virus.Win32.Virut.q!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found Virus.Win32.Virut.q
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Results are not very good because it looks like that there is not a clean copy for every file.
Let's run this next:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
devilsfrog
2009-03-04, 07:59
Shaba
i can't run that, i am only able to get into safe mood and have no internet there. is there anything i can d/l and then transfer over so i can run it on there?
Yes you can try this one:
Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.
devilsfrog
2009-03-05, 07:47
e_s40rp7.exe;c:\documents and settings\all users\application data\epson\epw!3 ssrp;Win32.Virut.56;Cured.;
pythonservice.exe;c:\program files\agi\common\win32;Win32.Virut.56;Cured.;
idrivert.exe;c:\program files\common files\installshield\driver\1150\intel 32;Win32.Virut.56;Cured.;
kwtbaim.exe;c:\program files\kiwee toolbar\2.8.167;Win32.Virut.56;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.;
apache.exe;c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin;Win32.Virut.56;Cured.;
nsvcappflt.exe;c:\program files\nvidia corporation\networkaccessmanager\bin;Win32.Virut.56;Cured.;
nsvcip.exe;c:\program files\nvidia corporation\networkaccessmanager\bin;Win32.Virut.56;Cured.;
nsvclog.exe;c:\program files\nvidia corporation\networkaccessmanager\bin;Win32.Virut.56;Cured.;
ntunecmd.exe;c:\program files\nvidia corporation\ntune;Win32.Virut.56;Cured.;
ntuneservice.exe;c:\program files\nvidia corporation\ntune;Win32.Virut.56;Cured.;
setup50.exe;c:\program files\outlook express;Win32.Virut.56;Cured.;
qttask.exe;c:\program files\quicktime;Win32.Virut.56;Cured.;
viewpointservice.exe;c:\program files\viewpoint\common;Win32.Virut.56;Cured.;
wlsetupsvc.exe;c:\program files\windows live\installer;Win32.Virut.56;Cured.;
wmpnetwk.exe;c:\program files\windows media player;Win32.Virut.56;Cured.;
explorer.exe;c:\windows;Win32.Virut.56;Will be cured after restart.;
unregmp2.exe;c:\windows\inf;Win32.Virut.56;Cured.;
infocard.exe;c:\windows\microsoft.net\framework\v3.0\windows communication foundation;Win32.Virut.56;Cured.;
smsvchost.exe;c:\windows\microsoft.net\framework\v3.0\windows communication foundation;Win32.Virut.56;Cured.;
presentationfontcache.exe;c:\windows\microsoft.net\framework\v3.0\wpf;Win32.Virut.56;Cured.;
xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.56;Cured.;
alg.exe;c:\windows\system32;Win32.Virut.56;Cured.;
cisvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
clipsrv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ctfmon.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dmadmin.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dumprep.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ieudinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.;
locator.exe;c:\windows\system32;Win32.Virut.56;Cured.;
logon.scr;c:\windows\system32;Win32.Virut.56;Cured.;
logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;
mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.;
netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;
nvsvc32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
nwiz.exe;c:\windows\system32;Win32.Virut.56;Cured.;
regsvr32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rsvp.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rundll32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
scardsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
sessmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
shmgrate.exe;c:\windows\system32;Win32.Virut.56;Cured.;
smlogsvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
e_faticda.exe;c:\windows\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
spoolsv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ssstars.scr;c:\windows\system32;Win32.Virut.56;Cured.;
tlntsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ups.exe;c:\windows\system32;Win32.Virut.56;Cured.;
userinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
vssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
winmgmt.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
weather.exe;e:\program files\aws\weatherbug;Win32.Virut.56;Cured.;
btwdins.exe;e:\program files\bluetooth\bin;Win32.Virut.56;Cured.;
autoback.exe;e:\program files\erunt;Win32.Virut.56;Cured.;
malswep.exe;e:\program files\malwaresweeper;Win32.Virut.56;Cured.;
razerhid.exe;e:\program files\razer;Win32.Virut.56;Cured.;
ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\Administrator\Desktop\ComboFix.exe/data002;Probably BATCH.Virus;;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Administrator\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Administrator\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Administrator\Desktop;Container contains infected objects;Moved.;
Lame.exe;C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\OFFLINE\46DCAF14\431AE4FA;Win32.Virut.56;Cured.;
OggEnc.exe;C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\OFFLINE\63E85F6B\431AE4FA;Win32.Virut.56;Cured.;
cp.exe;C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\OFFLINE\7EC83F15\8917324D;Win32.Virut.56;Cured.;
Battlefront 2 +4 trainer.exe;C:\Documents and Settings\Laura\Desktop\Games;Win32.Virut.56;Cured.;
FableTrn.exe;C:\Documents and Settings\Laura\Desktop\Games;Tool.GameCrack;;
widget manager.exe;C:\Documents and Settings\Laura\Local Settings\Application Data\widget manager;Win32.Virut.56;Cured.;
EPSONREG.EXE;C:\EPSONREG;Win32.Virut.56;Cured.;
nvudisp.exe;C:\NVIDIA\Win2KXP\93.71;Win32.Virut.56;Cured.;
nvudisp.exe;C:\NVIDIA\Win2KXP\94.24;Win32.Virut.56;Cured.;
LogTransport2.exe;C:\Program Files\Adobe\Reader 9.0\Reader;Win32.Virut.56;Cured.;
Ages.exe;C:\Program Files\Ages;Win32.Virut.56;Cured.;
win32popenWin9x.exe;C:\Program Files\AGI\common\win32;Win32.Virut.56;Cured.;
python.exe;C:\Program Files\AGI\Python25;Win32.Virut.56;Cured.;
pythonw.exe;C:\Program Files\AGI\Python25;Win32.Virut.56;Cured.;
amdcon.exe;C:\Program Files\AMD\Athlon 64 Processor Driver;Win32.Virut.56;Cured.;
InitMediaLib.exe;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
MediaPlayer.exe;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
Monitor.exe;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
PhotoImpression Slideshow.scr;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
PhotoImpression.exe;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
PhotoViewer.exe;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
TwainEnum.exe;C:\Program Files\ArcSoft\PhotoImpression 6;Win32.Virut.56;Cured.;
Sendmail.exe;C:\Program Files\ArcSoft\PhotoImpression 6\Modules\SimpleEmail;Win32.Virut.56;Cured.;
MyLogo.exe;C:\Program Files\ASUS\AsusUpdate;Win32.Virut.56;Cured.;
Update.exe;C:\Program Files\ASUS\AsusUpdate;Win32.Virut.56;Cured.;
WinFlash.exe;C:\Program Files\ASUS\AsusUpdate;Win32.Virut.56;Cured.;
AsusSetup.exe;C:\Program Files\ASUS\AsusUpdate\New\V7.14.01;Win32.Virut.56;Cured.;
AsIoUnins.exe;C:\Program Files\ASUS\IO;Win32.Virut.56;Cured.;
Probe2.exe;C:\Program Files\ASUS\PC Probe II;Win32.Virut.56;Cured.;
rtlrack.exe;C:\Program Files\AvRack;Win32.Virut.56;Cured.;
template.exe;C:\Program Files\Common Files\Adobe AIR\Versions\1.0;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32;Win32.Virut.56;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32;Win32.Virut.56;Cured.;
IDriverT.exe;C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Virut.56;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32;Win32.Virut.56;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32;Win32.Virut.56;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32;Win32.Virut.56;Cured.;
IKernel.exe;C:\Program Files\Common Files\InstallShield\engine\6\Intel 32;Win32.Virut.56;Cured.;
DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32;Win32.Virut.56;Cured.;
DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32;Win32.Virut.56;Cured.;
DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32;Win32.Virut.56;Cured.;
ISDM.exe;C:\Program Files\Common Files\InstallShield\UpdateService;Win32.Virut.56;Cured.;
issch.exe;C:\Program Files\Common Files\InstallShield\UpdateService;Win32.Virut.56;Cured.;
JascUpdate.exe;C:\Program Files\Common Files\Jasc Software Inc\JascUpdate;Win32.Virut.56;Cured.;
patchjre.exe;C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\patch-j2re1.4.2_07-b05;Win32.Virut.56;Cured.;
msinfo32.exe;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.;
sapisvr.exe;C:\Program Files\Common Files\Microsoft Shared\Speech;Win32.Virut.56;Cured.;
artpschd.exe;C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP;Win32.Virut.56;Cured.;
cabarc.exe;C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP;Win32.Virut.56;Cured.;
chktrust.exe;C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP;Win32.Virut.56;Cured.;
r1puninst.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
ppupdstub.exe;C:\Program Files\Common Files\Scanner;Win32.Virut.56;Cured.;
DAMN NFO Viewer.exe;C:\Program Files\DAMN NFO Viewer;Win32.Virut.56;Cured.;
UnInstall.exe;C:\Program Files\DAMN NFO Viewer;Win32.Virut.56;Cured.;
config.exe;C:\Program Files\DivX\DivX Codec;Win32.Virut.56;Cured.;
Converter.exe;C:\Program Files\DivX\DivX Converter;Win32.Virut.56;Cured.;
DivX Player.exe;C:\Program Files\DivX\DivX Player;Win32.Virut.56;Cured.;
escndv.exe;C:\Program Files\epson\escndv;Win32.Virut.56;Cured.;
EPUTY287.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
E_DPPE06.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
E_S40MT7.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
E_S40RN7.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
E_S40RP7.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
E_S8I0D7.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
SAGENT4.EXE;C:\Program Files\epson\PrinterDriverTemp\SCX7400;Win32.Virut.56;Cured.;
E_DUPA10.EXE;C:\Program Files\epson\Scanner Driver Update\CX7400;Win32.Virut.56;Cured.;
browser.exe;C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin;Win32.Virut.56;Cured.;
printpcl.exe;C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin;Win32.Virut.56;Cured.;
DoReboot.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;
enum.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;
HPUpdateUtility.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;
hpwuSchd.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;
hpzglu09.exe;C:\Program Files\Hewlett-Packard\hpz\glue;Win32.Virut.56;Cured.;
hpfpdi09.exe;C:\Program Files\Hewlett-Packard\hpz\glue\util\common;Win32.Virut.56;Cured.;
hpzghl09.exe;C:\Program Files\Hewlett-Packard\hpz\glue\util\common;Win32.Virut.56;Cured.;
hpzpin09.exe;C:\Program Files\Hewlett-Packard\hpz\glue\util\common;Win32.Virut.56;Cured.;
hpcmpmgr.exe;C:\Program Files\Hp\hpcoretech;Win32.Virut.56;Cured.;
hpdarc.exe;C:\Program Files\Hp\hpcoretech\comp;Win32.Virut.56;Cured.;
hptskmgr.exe;C:\Program Files\Hp\hpcoretech\comp;Win32.Virut.56;Cured.;
hpuihost.exe;C:\Program Files\Hp\hpcoretech\comp;Win32.Virut.56;Cured.;
Setup.exe;C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C};Win32.Virut.56;Cured.;
Setup.exe;C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166};Win32.Virut.56;Cured.;
iedw.exe;C:\Program Files\Internet Explorer;Win32.Virut.56;Cured.;
icwrmind.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
icwtutor.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
inetwiz.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
isignup.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;
Paint Shop Pro 9.exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 9;Win32.Virut.56;Cured.;
register.exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 9;Win32.Virut.56;Cured.;
w9xpopen.exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Python Libraries;Win32.Virut.56;Cured.;
wininst.exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Python Libraries\Lib\distutils\command;Win32.Virut.56;Cured.;
Paint Shop Pro 9.exe;C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\UnPatch Backup;Win32.Virut.56;Cured.;
javaws.exe;C:\Program Files\Java\jre1.6.0_02\bin;Win32.Virut.56;Cured.;
cb32.exe;C:\Program Files\NetMeeting;Trojan.Packed.140;Deleted.;
conf.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;
nTrayFw.exe;C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin;Win32.Virut.56;Cured.;
NVMonitor.exe;C:\Program Files\NVIDIA Corporation\nTune;Win32.Virut.56;Cured.;
msimn.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
wab.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;
PictureViewer.exe;C:\Program Files\QuickTime;Win32.Virut.56;Cured.;
QTInfo.exe;C:\Program Files\QuickTime;Win32.Virut.56;Cured.;
realjbox.exe;C:\Program Files\Real\RealPlayer;Win32.Virut.56;Cured.;
RegMech.exe;C:\Program Files\Registry Mechanic;Win32.Virut.56;Cured.;
riched20.dll;C:\Program Files\Windows Live\Messenger;Adware.MyWebSearch.8;;
migrate.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmdbexport.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
wmplayer.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;
explorer.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.Virut.56;Cured.;
afisicx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;
soxpeca.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;
spoolsv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;
userinit.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.Virut.56;Cured.;
A0098816.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0098942.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Trojan.Packed.140;Deleted.;
A0098981.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0098982.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0098983.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0099982.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0101094.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102117.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102142.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102144.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102169.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102180.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102205.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102207.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102235.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102260.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102262.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102290.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102315.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102317.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102345.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102370.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102372.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102400.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102425.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102427.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102455.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102480.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102482.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102510.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102535.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102537.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102565.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102590.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102592.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102629.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102633.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102641.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102659.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0102665.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102671.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102672.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102690.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102690.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Program.PsExec.170;;
A0102714.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102733.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102744.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102744.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0102747.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620\A0102747.exe/data002;Probably BATCH.Virus;;
A0102747.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620\A0102747.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Archive contains infected objects;;
A0102747.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Container contains infected objects;Moved.;
A0103698.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0103700.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0103701.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0103709.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0103727.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0103742.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0103754.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0103770.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0104662.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0104663.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0104672.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0104685.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0104700.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0104712.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0104729.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105663.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105664.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105673.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105684.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105685.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105686.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105698.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably BATCH.Virus;;
A0105717.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Program.PsExec.170;;
A0105724.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105737.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105755.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0105887.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Trojan.Packed.140;Deleted.;
A0105937.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Trojan.Packed.140;Deleted.;
A0105988.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Trojan.Packed.140;Deleted.;
A0106217.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106218.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106219.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106220.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106221.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106222.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106223.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106224.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106225.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106226.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106227.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106228.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106229.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106230.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106231.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106232.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106233.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106234.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106235.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106236.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106237.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106238.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106239.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106240.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106241.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106242.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106243.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106244.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106245.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106246.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106247.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106248.scr;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106249.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106250.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106251.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106252.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106253.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106254.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106255.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106256.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106257.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106258.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106259.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106260.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106261.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106262.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106263.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106264.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106265.scr;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106266.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106267.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106268.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106269.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106270.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106276.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620\A0106276.exe/data002;Probably BATCH.Virus;;
A0106276.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620\A0106276.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Archive contains infected objects;;
A0106276.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Container contains infected objects;Moved.;
A0106279.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106280.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106281.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106282.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106283.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106284.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106285.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106286.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106287.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106288.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106289.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106290.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106291.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106292.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106293.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106294.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106295.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106296.scr;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106297.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106298.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106300.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106301.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106302.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106303.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106304.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106305.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106307.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106308.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106309.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106310.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106311.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106312.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106313.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106314.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106315.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106316.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106317.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106318.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106319.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106320.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106321.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106322.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106324.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106325.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106326.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106327.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106328.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106330.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106331.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106332.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106333.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106334.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106335.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106336.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106337.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106338.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106339.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106340.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106341.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106342.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106343.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106344.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106345.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106346.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106347.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106348.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106349.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106350.EXE;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106351.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106352.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106353.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106354.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106355.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106356.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106357.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106358.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106359.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106360.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106361.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106362.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106363.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106364.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106365.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106366.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106367.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106368.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106369.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106370.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106371.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106372.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106373.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106376.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106377.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106378.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106400.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106435.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106466.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106470.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106471.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106473.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106475.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106476.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106480.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106482.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106488.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106491.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106494.exe;C:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
ALCFDRTM.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;
alcrmv.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
alcupd.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
explorer.exe.delete_on_reboot;C:\WINDOWS;Win32.Virut.56;Cured.;
fdsv.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
grep.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
hh.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
IsUninst.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
NIRCMD.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
NOTEPAD.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;
regedit.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
sed.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SOUNDMAN.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;
SWREG.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SWSC.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
SWXCACLS.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
TASKMAN.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;
twunk_32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
unvise32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
VFIND.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
winhlp32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
zip.exe;C:\WINDOWS;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB873339;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB873339\update;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB885835;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB885835\update;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB885836;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB885836\update;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB886185;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB886185\update;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB887472;Win32.Virut.56;Cured.;
msmsgs.exe;C:\WINDOWS\$hf_mig$\KB887472\SP2QFE;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB887472\update;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB888302;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB888302\update;Win32.Virut.56;Cured.;
spuninst.exe;C:\WINDOWS\$hf_mig$\KB891781;Win32.Virut.56;Cured.;
update.exe;C:\WINDOWS\$hf_mig$\KB891781\update;Win32.Virut.56;Cured.;
devilsfrog
2009-03-05, 07:48
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB893756\update;Win32.Virut.56;Cured.;
hh.exe;C:\WINDOWS\$hf_mig$\KB896358\SP2QFE;Win32.Virut.56;Cured.;
spoolsv.exe;C:\WINDOWS\$hf_mig$\KB896423\SP2QFE;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB896423\update;Win32.Virut.56;Cured.;
telnet.exe;C:\WINDOWS\$hf_mig$\KB896428\SP2QFE;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB899587\update;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB899591\update;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB900725\update;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB901017\update;Win32.Virut.56;Cured.;
migregdb.exe;C:\WINDOWS\$hf_mig$\KB902400\SP2QFE;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB902400\update;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB905414\update;Win32.Virut.56;Cured.;
arpidfix.exe;C:\WINDOWS\$hf_mig$\KB905749\update;Win32.Virut.56;Cured.;
verclsid.exe;C:\WINDOWS\$hf_mig$\KB908531\SP2QFE;Win32.Virut.56;Cured.;
agentsvr.exe;C:\WINDOWS\$hf_mig$\KB920213\SP2QFE;Win32.Virut.56;Cured.;
explorer.exe;C:\WINDOWS\$hf_mig$\KB938828\SP2QFE;Win32.Virut.56;Cured.;
spoolsv.exe;C:\WINDOWS\$NtUninstallKB896423$;Win32.Virut.56;Cured.;
explorer.exe;C:\WINDOWS\$NtUninstallKB938828$;Win32.Virut.56;Cured.;
ERDNT.EXE;C:\WINDOWS\ERDNT\Hiv-backup;Win32.Virut.56;Cured.;
ERDNT.EXE;C:\WINDOWS\ERDNT\subs;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB928090-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB928090-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB928090-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB931768-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB931768-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB931768-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB933566-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB933566-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB933566-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB937143-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB937143-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB937143-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB939653-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB939653-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB939653-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB942615-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB942615-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB942615-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB944533-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB944533-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB944533-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB947864-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB947864-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB947864-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB950759-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB950759-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB950759-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB953838-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB953838-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB953838-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB956390-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB956390-IE7;Win32.Virut.56;Cured.;
iexplore.exe;C:\WINDOWS\ie7updates\KB956390-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB958215-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB958215-IE7;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\ie7updates\KB961260-IE7;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\ie7updates\KB961260-IE7;Win32.Virut.56;Cured.;
Icon25B052BB2.exe;C:\WINDOWS\Installer\{70DECFBF-9119-4434-B2D3-A3C283D15E45};Win32.Virut.56;Cured.;
accicons.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
cagicon.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
misc.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
mspicons.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
oisicon.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
opwicon.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
outicon.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
pptico.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
wordicon.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
xlicons.exe;C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9};Win32.Virut.56;Cured.;
Dragonlog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe;C:\WINDOWS\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA};Win32.Virut.56;Cured.;
NatSpeakD_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe;C:\WINDOWS\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA};Win32.Virut.56;Cured.;
NatSpeak_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe;C:\WINDOWS\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA};Win32.Virut.56;Cured.;
Setuplog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe;C:\WINDOWS\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA};Win32.Virut.56;Cured.;
ServiceModelReg.exe;C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation;Win32.Virut.56;Cured.;
HelpCtr.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
HelpSvc.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.;
spoolsv.exe;C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr;Win32.Virut.56;Cured.;
spoolsv.exe;C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe;Win32.Virut.56;Cured.;
alg.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Trojan.Packed.140;Deleted.;
ctfmon.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
explorer.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
fsquirt.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Trojan.Packed.140;Deleted.;
iexplore.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
lsass.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
mqsvc.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Trojan.Packed.140;Deleted.;
rdshost.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Trojan.Packed.140;Deleted.;
services.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
spoolsv.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
svchost.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
telnet.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Trojan.Packed.140;Deleted.;
userinit.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
winlogon.exe;C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e;Win32.Virut.56;Cured.;
xccef090131.exe;C:\WINDOWS\system;Trojan.Inject.5553;Deleted.;
actmovie.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ahui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
arp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_fmt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_ldm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
asr_pfu.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
at.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
atmadm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
attrib.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
auditusr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
blastcln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootcfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootok.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
bootvrfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cacls.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
CapabilityTable.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ChCfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
chkdsk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
chkntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cidaemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cipher.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cleanmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cliconfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmdl32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmmon32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cmstp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
comp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
compact.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
conime.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
control.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
convert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
cscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dcomcnfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ddeshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
defrag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgfat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dfrgntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diantz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diskpart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
diskperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
DivXsm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dllhst3g.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dmremote.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
doskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dplaysvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dpnsvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dpvsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
driverquery.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
drmupgds.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dvdplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dvdupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dwwin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
dxdiag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
EPSTP32U.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
esentutl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eudcedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventcreate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventtriggers.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
eventvwr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
expand.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
extrac32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
Faac.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
find.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
findstr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
finger.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fixmapi.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fltmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fontview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
forcedos.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fsquirt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
fsutil.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
getmac.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
gpresult.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
gpupdate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
grpconv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
H@tKeysH@@k.DLL;C:\WINDOWS\system32;Tool.Hatkeys;;
help.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
hostname.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
iexpress.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipconfig.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipsec6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipv6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ipxroute.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
java.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
javaw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
javaws.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
keystone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
label.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
Lame.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lights.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lnkstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logagent.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
logoff.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lpq.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
lpr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
magnify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
migpwd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mobsync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mountvol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mpnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqbkup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mqtgsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mrinfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msfeedssync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mshta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msrstart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
msswchx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mstinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
mstsc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
myodbc3i.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
myodbc3m.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
narrator.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nbtstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nddeapir.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
net.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
net1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
netstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
notepad.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nslookup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ntbackup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ntvdm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvappbar.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvcolor.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvcplui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvdspsch.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvudisp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
NVUNINST.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvunrm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nvusmb.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nwscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
nxtepad.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
odbcad32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
odbcconf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
OggEnc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
openfiles.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
osk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
osuninst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
packager.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pathping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
pentnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
perfmon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
PhotoImpression Slideshow.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ping6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
powercfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
print.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
progman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
proquota.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
proxycfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qappsrv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qprocess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
qwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasautou.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasdial.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rasphone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rcimlby.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rcp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdpclip.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdsaddin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rdshost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
recover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
reg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regedt32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regini.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
regwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
relog.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
replace.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
reset.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rexec.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
route.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
routemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsmsink.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsmui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rsopprov.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rtcshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
RTLCPL.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
runas.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
runonce.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
rwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
savedump.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
schtasks.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
scrnsave.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sdbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
secedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sethc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
setup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sfc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shadow.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shrpubw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
shutdown.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sigverif.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
skeys.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
smbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sort.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spiisupd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
spnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ss3dfo.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssbezier.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssflwbox.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmarque.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmypics.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
ssmyst.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sspipes.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sstext3d.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
stimon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
subst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
syncapp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
syskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
sysocmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
systeminfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
systray.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskkill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tasklist.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
taskmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tcmsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tcpsvcs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
telnet.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tlntadmn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tlntsess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tourstart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracerpt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tracert6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tscupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tsdiscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tskill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tsshutdn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tswpfwrp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
typeperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
tzchange.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
unlodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
upnpcont.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
usrmlnka.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
usrprbda.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
usrshuta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
utilman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
uwdf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
verclsid.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
verifier.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
vssadmin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
w32tm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wdfmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wextract.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wiaacmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
WinFXDocObj.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winhlp32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winmsd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
winver.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
WISPTIS.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpabaln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpdshextautoplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wpnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wscntfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
WudfHost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
wupdmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
xcopy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;
comrepl.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;
comrereg.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;
accwiz.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
actmovie.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
admin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
agentsvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ahui.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
alg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
arp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
asr_fmt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
asr_ldm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
asr_pfu.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
at.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
atmadm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
attrib.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
auditusr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
author.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
bckgzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
blastcln.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
bootcfg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
bootok.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
bootvrfy.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cacls.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
calc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cb32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cfgwiz.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
change.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
charmap.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
chglogon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
chgport.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
chgusr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
chkdsk.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
chkntfs.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
chkrzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cidaemon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cintsetp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cipher.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cisvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ckcnv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cleanmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
clipbrd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
clipsrv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cmd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cmdl32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cmmon32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cmstp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
comp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
compact.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
comrepl.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
comrereg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
conf.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
conime.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
control.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
convert.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
convlog.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cplexe.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cprofile.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
cscript.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ctfmon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
davcdata.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dcomcnfg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ddeshare.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
defrag.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dfrgfat.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dfrgntfs.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dialer.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
diantz.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
diskpart.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
diskperf.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dllhost.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dllhst3g.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dmadmin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dmremote.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
doskey.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dplaysvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dpnsvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dpvsetup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
drvqry.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
drwtsn32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dumprep.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dvdupgrd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dwwin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
dxdiag.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
esentutl.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
eudcedit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
evcreate.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
eventvwr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
evntcmd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
evntwin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
evtrig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
EXCH_regtrace.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
expand.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
explorer.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
extrac32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
find.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
findstr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
finger.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fixmapi.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
flattemp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fltmc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fontview.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
forcedos.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fp98sadm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fp98swin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fpadmcgi.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fpcount.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fpremadm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
freecell.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fsutil.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ftp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fxsclnt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fxscover.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fxssend.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
fxssvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
getmac.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
gprslt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
gpupdate.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
grpconv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
help.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
helpctr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
helphost.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
helpsvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
hh.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
hostname.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
hrtzzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
hscupd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
icwconn1.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
icwconn2.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
icwrmind.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
icwtutor.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ie4uinit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
iedw.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ieudinit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
iexpress.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
iisreset.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
iisrstas.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
iissync.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imapi.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imekrmig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjpdadm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjpdct.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjpdsvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjpinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjpmig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjprw.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjpuex.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imjputy.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imkrinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
imscinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
inetin51.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
inetmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
inetwiz.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
label.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
lights.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
lnkstub.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
locator.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
lodctr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
logagent.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
logman.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
logoff.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
logon.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
logonui.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
lpq.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
lpr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
lsass.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
magnify.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
makecab.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mnmsrvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mobsync.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mofcomp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mountvol.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
moviemk.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mplay32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mplayer2.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mpnotify.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mqbkup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mqsvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mqtgsvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mrinfo.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msconfig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msdtc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msimn.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msinfo32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msiregmv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msoobe.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mspaint.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
msswchx.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mstinit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mstsc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
mtstocom.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
muisetup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
narrator.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
nbtstat.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
nddeapir.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
net.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
net1.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
netdde.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
netsetup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
netsh.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
netstat.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
notepad.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
notiflag.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
nppagent.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
nslookup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ntbackup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ntsd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ntvdm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
nwscript.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
odbcad32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
odbcconf.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
oemig50.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
oobebaln.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
opnfiles.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
osk.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
osuninst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
packager.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
pathping.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
pentnt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
perfmon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
pinball.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ping.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ping6.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
pintlphr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
powercfg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
print.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
PrintFilterPipelineSvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
progman.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
proquota.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
proxycfg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
qappsrv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
qprocess.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
query.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
quser.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
qwinsta.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rasautou.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rasdial.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rasphone.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rcimlby.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rcp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rdpclip.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rdsaddin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rdshost.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
recover.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
reg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
regedit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
regedt32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
regini.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
register.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
regsvr32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
regwiz.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
relog.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
replace.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
reset.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rexec.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
route.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
routemon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsh.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsmsink.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsmui.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsnotify.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsopprov.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rstrui.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rsvp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rtcshare.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
runas.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rundll32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
runonce.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rvsezm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
rwinsta.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sapisvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
savedump.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
scardsvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
scrcons.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
scrnsave.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sctasks.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sdbinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
secedit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
services.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sessmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sethc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
setup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
setup50.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
setup_wm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sfc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
shadow.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
shmgrate.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
shrpubw.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
shtml.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
shutdown.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
shvlzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sigverif.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
skeys.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
smbinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
smi2smir.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
smlogsvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sndrec32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sndvol32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
snmp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
snmptrap.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sol.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sort.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
spider.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
spiisupd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
spnpinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
spoolsv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
srdiag.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ss3dfo.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ssbezier.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ssflwbox.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ssmarque.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ssmypics.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ssmyst.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sspipes.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ssstars.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sstext3d.scr;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
stimon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
subst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
svchost.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
syncapp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sysinfo.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
syskey.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
sysocmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
systray.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
taskkill.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tasklist.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
taskman.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
taskmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tcmsetup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tcpsvcs.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tcptest.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
telnet.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tftp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tintlphr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tintsetp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tlntadmn.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tlntsess.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tlntsvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tourstrt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tracerpt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tracert.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tracert6.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tscon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tscupgrd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tsdiscon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tskill.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tsprof.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
tsshutdn.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
twunk_32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
typeperf.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
unlodctr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
unregmp2.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
unsecapp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
uploadm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
upnpcont.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
ups.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
userinit.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
utilman.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
verifier.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
vssadmin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
vssvc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
w32tm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
wab.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
wabmig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
wb32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
wbemtest.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
wextract.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
wiaacmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
winhlp32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
winhstb.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
winlogon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
winmgmt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;
Download.exe;C:\WINDOWS\system32\Macromed\Shockwave 10;Win32.Virut.56;Cured.;
SwInit.exe;C:\WINDOWS\system32\Macromed\Shockwave 10;Win32.Virut.56;Cured.;
msoobe.exe;C:\WINDOWS\system32\oobe;Win32.Virut.56;Cured.;
rstrui.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;
E_FARNCDA.EXE;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
hpztsb09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;
migload.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
migwiz_a.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;
wmiprvse.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;
escfg.exe;C:\WINDOWS\twain_32\escndv;Win32.Virut.56;Cured.;
escndv.exe;C:\WINDOWS\twain_32\escndv;Win32.Virut.56;Cured.;
Battlefront 2 +4 trainer.exe;D:\Old info\2-24-09\Desktop\Games;Win32.Virut.56;Cured.;
FableTrn.exe;D:\Old info\2-24-09\Desktop\Games;Tool.GameCrack;;
FableTrn.exe;D:\Old info\4-12-07 UPDATED\Games;Tool.GameCrack;;
A0107463.exe;D:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
BattlefrontII.exe;E:\;Win32.Virut.56;Cured.;
LaunchBFII.exe;E:\;Win32.Virut.56;Cured.;
ERDNT.EXE;E:\Erunt\2-25-2009;Win32.Virut.56;Cured.;
piratestrn-068.exe.exe;E:\My Documents;Tool.GameCrack;;
AviC.exe;E:\My Documents\Xvid;Win32.Virut.56;Cured.;
MiniCalc.exe;E:\My Documents\Xvid;Win32.Virut.56;Cured.;
OGMCalc.exe;E:\My Documents\Xvid;Win32.Virut.56;Cured.;
StatsReader.exe;E:\My Documents\Xvid;Win32.Virut.56;Cured.;
vidccleaner.exe;E:\My Documents\Xvid;Win32.Virut.56;Cured.;
3DMark06.exe;E:\Program Files\3dmark;Win32.Virut.56;Cured.;
ACDSee32.exe;E:\Program Files\ACDSee32;Win32.Virut.56;Cured.;
ameditor.exe;E:\Program Files\Audio MP3 Editor;Win32.Virut.56;Cured.;
cp.exe;E:\Program Files\Blaze Media Pro;Win32.Virut.56;Cured.;
BTTray.exe;E:\Program Files\Bluetooth;Win32.Virut.56;Cured.;
SPUBuiltInAccMaintenance.exe;E:\Program Files\Cybershot\BuiltInAccMaintenance;Win32.Virut.56;Cured.;
PPMusicTransfer.exe;E:\Program Files\Cybershot\Music Transfer;Win32.Virut.56;Cured.;
SPUAnnounce.exe;E:\Program Files\Cybershot\PMBCore;Win32.Virut.56;Cured.;
SPUBrowser.exe;E:\Program Files\Cybershot\PMBCore;Win32.Virut.56;Cured.;
SPUImporterLauncher.exe;E:\Program Files\Cybershot\PMBCore;Win32.Virut.56;Cured.;
SPUInit.exe;E:\Program Files\Cybershot\PMBCore;Win32.Virut.56;Cured.;
SPULocaleSetting.exe;E:\Program Files\Cybershot\PMBCore;Win32.Virut.56;Cured.;
SPUVolumeWatcher.exe;E:\Program Files\Cybershot\PMBCore;Win32.Virut.56;Cured.;
ERUNT.EXE;E:\Program Files\ERUNT;Win32.Virut.56;Cured.;
NTREGOPT.EXE;E:\Program Files\ERUNT;Win32.Virut.56;Cured.;
Fable.exe;E:\Program Files\Fable;Win32.Virut.56;Cured.;
s5detection.exe;E:\Program Files\Heritage of Kings\Support\Detection;Win32.Virut.56;Cured.;
RegistrationReminder.exe;E:\Program Files\Heritage of Kings\Support\Register;Win32.Virut.56;Cured.;
joan.exe;E:\Program Files\Joan of Arc;Win32.Virut.56;Cured.;
LimeWire.exe;E:\Program Files\LimeWire;Win32.Virut.56;Cured.;
update.exe;E:\Program Files\MalwareSweeper;Win32.Virut.56;Cured.;
piratestrn-068.exe.exe;E:\Program Files\Pirates!;Tool.GameCrack;;
razercfg.exe;E:\Program Files\Razer;Win32.Virut.56;Cured.;
razertra.exe;E:\Program Files\Razer;Win32.Virut.56;Cured.;
Config.exe;E:\Program Files\Sacred;Win32.Virut.56;Cured.;
GameServer.exe;E:\Program Files\Sacred;Win32.Virut.56;Cured.;
Sacred.exe;E:\Program Files\Sacred;Win32.Virut.56;Cured.;
SDFiles.exe;E:\Program Files\Spybot - Search & Destroy;Win32.Virut.56;Cured.;
SDShred.exe;E:\Program Files\Spybot - Search & Destroy;Win32.Virut.56;Cured.;
LaunchBFII.EXE;E:\Program Files\Star Wars Battlefront II;Win32.Virut.56;Cured.;
battlefrontII.exe;E:\Program Files\Star Wars Battlefront II\GameData;Win32.Virut.56;Cured.;
uninst.exe;E:\Program Files\Star Wars Battlefront II\Install;Win32.Virut.56;Cured.;
ArtManager.exe;E:\Program Files\Titan Quest;Win32.Virut.56;Cured.;
Editor.exe;E:\Program Files\Titan Quest;Win32.Virut.56;Cured.;
QuestEditor.exe;E:\Program Files\Titan Quest;Win32.Virut.56;Cured.;
Titan Quest.exe;E:\Program Files\Titan Quest;Win32.Virut.56;Cured.;
ArtManager.exe;E:\Program Files\Titan Quest Immortal Throne;Win32.Virut.56;Cured.;
DotNetLauncher.exe;E:\Program Files\Titan Quest Immortal Throne;Trojan.Packed.140;Deleted.;
Editor.exe;E:\Program Files\Titan Quest Immortal Throne;Win32.Virut.56;Cured.;
QuestEditor.exe;E:\Program Files\Titan Quest Immortal Throne;Win32.Virut.56;Cured.;
Tqit.exe;E:\Program Files\Titan Quest Immortal Throne;Win32.Virut.56;Cured.;
A0106271.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106272.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106273.EXE;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106274.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0106275.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107633.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107634.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107635.EXE;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107638.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107639.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107640.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107641.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107642.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107643.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107646.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107648.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107649.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107652.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107659.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107663.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107664.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107665.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107669.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107670.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107671.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107678.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107683.EXE;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107684.EXE;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107685.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107687.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107688.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107689.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107692.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107694.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107698.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107700.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107701.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107702.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107703.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107704.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107705.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107706.EXE;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107707.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107712.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107715.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107717.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107721.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107724.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107727.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107729.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107734.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0107738.exe;E:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
CALC.EXE;J:\WINDOWS.000;Win32.Virut.56;Cured.;
ilasm.exe;J:\WINDOWS.000\Microsoft.NET\Framework\v1.1.4322;Trojan.Packed.140;Deleted.;
MSPAINT.EXE;J:\Program Files\Accessories;Win32.Virut.56;Cured.;
WORDPAD.EXE;J:\Program Files\Accessories;Win32.Virut.56;Cured.;
sdcmon.dll;J:\Program Files\Support.com\bin;Probably DLOADER.Trojan;;
tgupdate.exe;J:\Program Files\Support.com\bin;Probably DLOADER.Trojan;;
fullagent.exe/data025\_tv91D3.tmp;J:\Program Files\Support.com\temp\fullagent.exe/data025;Probably DLOADER.Trojan;;
data025;J:\Program Files\Support.com\temp;Archive contains infected objects;;
fullagent.exe/data047\_tv8B13.tmp;J:\Program Files\Support.com\temp\fullagent.exe/data047;Probably DLOADER.Trojan;;
data047;J:\Program Files\Support.com\temp;Archive contains infected objects;;
fullagent.exe;J:\Program Files\Support.com\temp;Archive contains infected objects;Moved.;
A0107758.EXE;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0108032.EXE;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0108033.EXE;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Win32.Virut.56;Cured.;
A0108123.exe;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Probably DLOADER.Trojan;;
A0108124.exe/data025\_tv91D3.tmp;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620\A0108124.exe/data025;Probably DLOADER.Trojan;;
data025;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Archive contains infected objects;;
A0108124.exe/data047\_tv8B13.tmp;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620\A0108124.exe/data047;Probably DLOADER.Trojan;;
data047;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Archive contains infected objects;;
A0108124.exe;J:\System Volume Information\_restore{77444528-1E05-4BC0-AA57-F773520E99A2}\RP620;Archive contains infected objects;Moved.;
MSINFO32.EXE;L:\Old info\win\PFILES\COMMON\MSSHARED\MSINFO;Trojan.Packed.140;Deleted.;
FableTrn.exe;L:\Old info\4-12-07 UPDATED\Games;Tool.GameCrack;;
devilsfrog
2009-03-05, 07:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:21 AM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\avgssie.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diamondback] E:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Malware Sweeper] E:\Program Files\MalwareSweeper\MalSwep.exe /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210052857046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Bluetooth\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9227 bytes
Doesn't look good at all.
You have/had virut which is a file infector and able to infect all your .exe, .scr and .html files.
Even though looks like cureit was able to cure them, there are no guarantees that files will work properly after that or that there is no infected file left (which would mean reinfection).
Best choice would be backupping of all non .exe, .scr and .html files. and reformat.
If you don't want to do that, we can research if system files are now clean and working like they should.
Let me know your decision.
devilsfrog
2009-03-05, 08:13
i would prefer not to reformat because i have so many programs installed. it would take me a whole day just to get mostly back in order. how much trouble is it to not reformat? plus if this is on a partitioned disc and i format just that drive will the rest be ok?
It depends on two things.
1) Does cured files work or not
2) Have you been reinfected after that cureit run
If answer is yes 2) or cured files don't work, you will need to reformat.
Try to use for example notepad, paint shop pro and ArcSoft programs and let me know if they work ok.
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.