wplugin.dll- NES trojan - google chrome [Solved]


  • This topic is locked

#16
jolene singh

    Member

  • Topic Starter
  • 104 posts
The first log was created after I ran the custom scan in OTL before the reboot. A folder named "_OTL" was created in my E drive where I had saved my OTL software. Within "_OTL", another folder named "moved files" was created. The log was saved in this folder by itself.

11072009_194929.log :

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\explorer.exe.local moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UserXP
->Temp folder emptied: 333507441 bytes
->Temporary Internet Files folder emptied: 291640890 bytes
->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 623527 bytes
RecycleBin emptied: 38578279 bytes

Total Files Cleaned = 633.61 mb


OTL by OldTimer - Version 3.1.3.3 log created on 11072009_194929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

====================================================================================

Then another OTL.txt was created after the reboot.

OTL.txt :

OTL logfile created on: 11/7/2009 7:55:41 PM - Run 3
OTL by OldTimer - Version 3.1.3.3 Folder = E:\my stuff\my softwares
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.47% Memory free
3.84 Gb Paging File | 3.55 Gb Available in Paging File | 92.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 18.43 Gb Free Space | 62.91% Space Free | Partition Type: NTFS
Drive D: | 7.80 Gb Total Space | 6.00 Gb Free Space | 76.92% Space Free | Partition Type: FAT32
Drive E: | 96.52 Gb Total Space | 17.14 Gb Free Space | 17.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVE-239684D0C
Current User Name: UserXP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/05 03:17:02 | 00,528,384 | ---- | M] (OldTimer Tools) -- E:\my stuff\my softwares\OTL.exe
PRC - [2009/10/05 21:46:34 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/10/05 21:46:34 | 00,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/10/02 21:57:08 | 02,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/09/29 17:33:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/29 17:32:52 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/02/27 20:40:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/08/10 10:33:06 | 00,159,744 | ---- | M] (H.Shirouzu) -- C:\Program Files\IPMsg\ipmsg.exe
PRC - [2008/06/13 01:47:01 | 00,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/03/03 23:43:16 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/03/03 23:42:38 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/03/03 23:42:34 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/03/03 23:40:44 | 00,072,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008/03/03 23:40:32 | 00,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\hqtray.exe
PRC - [2007/12/01 00:26:26 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 22:26:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/08/24 14:31:12 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/08/24 14:31:12 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/08/24 14:30:46 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/08/24 14:30:38 | 00,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/05/31 17:07:40 | 12,310,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2007/03/23 13:32:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/02/06 18:44:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 18:32:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/05 21:06:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/06/20 02:55:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/05 03:17:02 | 00,528,384 | ---- | M] (OldTimer Tools) -- E:\my stuff\my softwares\OTL.exe
MOD - [2007/12/01 00:27:12 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:25:46 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2007/11/30 22:25:38 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/02/06 18:49:44 | 00,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/05 21:46:34 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/09/29 17:41:10 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 17:33:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/03/03 23:43:16 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/03/03 23:42:38 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/03/03 23:42:34 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/11/30 22:25:52 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/11/30 20:53:02 | 00,186,928 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/03/23 13:32:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/02/06 18:32:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003/07/28 15:58:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 02:55:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.10.14:808

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/29 12:58:36 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\UserXP\LOCALS~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O4 - Startup: C:\Documents and Settings\UserXP\Start Menu\Programs\Startup\IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe (H.Shirouzu)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/28 14:33:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{049d7fbf-ac1b-11de-896e-806d6172696f}\Shell\AutoRun\command - "" = U:\wubi.exe -- File not found
O33 - MountPoints2\{098cc350-bceb-11de-ab48-005056c00008}\Shell\AutoRun\command - "" = G:\t2hjo0.exe -- File not found
O33 - MountPoints2\{098cc350-bceb-11de-ab48-005056c00008}\Shell\open\Command - "" = G:\t2hjo0.exe -- File not found
O33 - MountPoints2\{7d9340a8-c9d1-11de-ab7b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9340a8-c9d1-11de-ab7b-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d9340a8-c9d1-11de-ab7b-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{92c083d2-b417-11de-ab36-005056c00008}\Shell\AutoRun\command - "" = G:\t2hjo0.exe -- File not found
O33 - MountPoints2\{92c083d2-b417-11de-ab36-005056c00008}\Shell\open\Command - "" = G:\t2hjo0.exe -- File not found
O33 - MountPoints2\{b0b99898-b18a-11de-ab30-005056c00008}\Shell\AutoRun\command - "" = G:\t2hjo0.exe -- File not found
O33 - MountPoints2\{b0b99898-b18a-11de-ab30-005056c00008}\Shell\open\Command - "" = G:\t2hjo0.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/06 13:26:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2009/11/06 13:26:11 | 00,000,000 | ---D | C] -- C:\Inetpub
[2009/11/01 20:24:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/10/29 14:20:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Local Settings\Application Data\Identities
[2009/10/29 12:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/29 11:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Desktop\ppt

========== Files - Modified Within 14 Days ==========

[2009/11/07 19:53:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 19:53:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 19:52:29 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\UserXP\ntuser.ini
[2009/11/07 19:52:28 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\UserXP\NTUSER.DAT
[2009/11/07 19:49:23 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Step 2.doc
[2009/11/07 19:49:07 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\UserXP\Desktop\~$Step 2.doc
[2009/11/07 18:15:40 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 11:00:42 | 00,360,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/07 11:00:42 | 00,314,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/07 11:00:42 | 00,041,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/07 10:56:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 11:52:12 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Flash_Disinfector.exe
[2009/10/31 14:34:02 | 00,976,384 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\ppt for the seminar 2.ppt
[2009/10/31 01:49:09 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\UserXP\My Documents\Default.rdp
[2009/10/31 01:40:54 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\NetMeeting.lnk
[2009/10/30 16:25:57 | 00,085,410 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Notification_Examinations%20_Engg%20Faculty.pdf
[2009/10/28 18:43:42 | 00,090,112 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\Genius.xls
[2009/10/26 17:01:08 | 01,006,080 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\project-be-ns.doc

========== Files Created - No Company Name ==========

[2009/11/07 19:49:07 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\UserXP\Desktop\~$Step 2.doc
[2009/11/07 19:48:17 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Step 2.doc
[2009/11/06 11:52:07 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Flash_Disinfector.exe
[2009/10/31 03:18:17 | 00,976,384 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\ppt for the seminar 2.ppt
[2009/10/31 01:49:09 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\UserXP\My Documents\Default.rdp
[2009/10/31 01:40:54 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\NetMeeting.lnk
[2009/10/30 16:30:38 | 00,085,410 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Notification_Examinations%20_Engg%20Faculty.pdf
[2009/10/28 18:43:42 | 00,090,112 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\Genius.xls
[2009/10/19 18:38:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/10/05 19:43:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/05 14:09:37 | 00,000,133 | ---- | C] () -- C:\WINDOWS\BCW5.INI
[2009/10/04 09:44:17 | 00,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2009/10/03 14:30:35 | 00,000,023 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/10/03 14:30:34 | 00,000,155 | ---- | C] () -- C:\WINDOWS\IGREC.ini
[2009/10/03 14:30:31 | 00,000,665 | ---- | C] () -- C:\WINDOWS\TPR.INI
[2009/10/02 03:29:51 | 00,067,768 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/01 20:15:07 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/29 07:27:36 | 00,000,077 | ---- | C] () -- C:\WINDOWS\System32\richedhce.dll
[2009/09/29 07:26:25 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\msdlghce.dll
[2009/09/29 00:59:56 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/29 00:59:56 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/29 00:59:55 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/29 00:59:54 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/29 00:59:54 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/28 19:05:22 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 16:14:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/09/28 14:47:39 | 05,329,362 | -H-- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\IconCache.db
[2009/09/28 14:47:21 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/09/28 14:47:21 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/09/28 14:47:20 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/09/28 14:39:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\UserXP\Application Data\desktop.ini
[2009/09/07 11:03:47 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/09/07 11:03:04 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/02/06 18:50:00 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 18:25:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 15:11:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 15:11:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 18:35:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 16:26:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/02 19:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/10/05 21:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/11/07 19:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/19 13:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Desktop Sidebar
[2009/10/01 20:07:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Foxit
[2009/10/04 16:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\WordWeb
[2001/08/23 21:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/07 19:53:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >

=======================================================================================================

Then I did the TFC clean-up... no log there.

And then the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.41
Database version: 3116
Windows 5.1.2600 Service Pack 3, v.3264

11/7/2009 8:06:00 PM
mbam-log-2009-11-07 (20-06-00).txt

Scan type: Quick Scan
Objects scanned: 93032
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
========================================================================================

I couldn't run the Kaspersky scan because the IE window kept on hanging every time I opened the link. Once it started downloading, but it got stuck again.

#17
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS

Run this instead

AVP
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:


  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file. Name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.


#18
jolene singh

    Member

  • Topic Starter
  • 104 posts
Phew!!! :) That was a 9-hour scan with a whopping 746 instances of the same trojan!!!

Here's the log of the detected infection:

Scan
----
Scanned: 885298
Detected: 743
Untreated: 0
Start time: 11/8/2009 12:08:09 AM
Duration: 08:54:53
Finish time: 11/8/2009 9:03:02 AM


Detected
--------
Status Object
------ ------
disinfected: Trojan program Trojan.Win32.Patched.dj File: c:\documents and settings\userxp\local settings\application data\google\chrome\application\chrome.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: c:\oasis\triton.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Application Data\Microsoft\Installer\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}\NewShortcut2_DF0CCA89BE294B7D9A229DB872E01239.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Application Data\Microsoft\Installer\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}\NewShortcut8_DF0CCA89BE294B7D9A229DB872E01239.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Application Data\Microsoft\Installer\{B0BA3B99-16C9-4027-BEAE-4444E266749E}\ARPPRODUCTICON.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Application Data\Microsoft\Installer\{B0BA3B99-16C9-4027-BEAE-4444E266749E}\LPC210x_ISP.exe_B60B0D3157BA46A8AB5FD037240E063F.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Desktop\OpenOffice.org 2.4 (en-US) Installation Files on 192.168.10.71\instmsia.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Desktop\OpenOffice.org 2.4 (en-US) Installation Files on 192.168.10.71\instmsiw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Desktop\OpenOffice.org 2.4 (en-US) Installation Files on 192.168.10.71\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\2.0.172.33\Installer\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Documents and Settings\UserXP\My Documents\GomPlayer\My DAP Downloads\Software Downloads\office2007sp2-kb953195-fullfile-en-us.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\uninstall.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\IDE\Triton.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\Tools\GNUARM\arm-elf\bin\ld.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\Tools\GNUARM\bin\arm-elf-cc.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\Tools\GNUARM\bin\KGen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\Tools\GNUARM\bin\triton.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Oasis\Tools\GNUARM\bin\utility.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\MultiMODEMInstl\Agere\agrsmdel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\MultiMODEMInstl\Agere\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\MultiMODEMInstl\Conexant\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\MultiMODEMInstl\Conexant\UIU32m.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\NIC\Broadcom\BACS\IA32\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\NIC\Broadcom\DrvInst\IA32\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\NIC\Intel\APPS\SETUP\SETUPBD\Win32\SetupBD.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\NIC\Intel\PRO1000\Win32\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\LTMSG.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\LTREMOVE.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\LTmoh\LtMoh.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\LTmoh\ltremove.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\LTmoh\QuickLnk.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP23101\LTmoh\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP33867\Disk1\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Inst.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\instmsia.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\instmsiw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1028\KB818801_1028.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1028\Q816650_1028.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1030\KB818801_1030.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1030\Q816650_1030.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1031\KB818801_1031.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1031\Q816650_1031.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1033\KB818801_1033.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1033\Q816650_1033.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1034\KB818801_1034.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1034\Q816650_1034.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1035\KB818801_1035.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1035\Q816650_1035.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1036\KB818801_1036.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1036\Q816650_1036.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1040\KB818801_1040.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1040\Q816650_1040.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1041\KB818801_1041.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1041\Q816650_1041.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1042\KB818801_1042.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1042\Q816650_1042.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1043\KB818801_1043.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1043\Q816650_1043.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1044\KB818801_1044.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1044\Q816650_1044.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1045\KB818801_1045.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1045\Q816650_1045.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1046\KB818801_1046.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1046\Q816650_1046.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1049\KB818801_1049.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1049\Q816650_1049.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1053\KB818801_1053.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\1053\Q816650_1053.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\2052\KB818801_2052.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win32\Lang\2052\Q816650_2052.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win64\Inst.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win64\instmsia.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP34842A\Win64\instmsiw.exe
deleted: Trojan program Trojan-Spy.Win32.Agent.eqi File: C:\SWSetup\SP34842A\Win64\Setup.exe//data0000
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP35882A\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP35882A\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP35882A\Broadcom\BACS\IA32\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP35882A\Broadcom\DrvInst\IA32\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP35882A\Intel\APPS\SETUP\SETUPBD\Win32\SetupBD.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP35882A\Intel\PRO1000\Win32\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36004A\agrsmdel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36004A\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36004A\UIU32m.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36267\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36267\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36267\Broadcom\BACS\IA32\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36267\Broadcom\DrvInst\IA32\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36267\Intel\APPS\SETUP\SETUPBD\Win32\SetupBD.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36267\Intel\PRO1000\Win32\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36414A\DPInst32.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36414A\iProdifx.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36684A\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36880\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36903\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36903\APPS\SETUP\SETUPBD\Win32\SetupBD.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP36903\PRO1000\Win32\PROUnstl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36906\hpqRun.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36906\sp36906d.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36906\sp36906u.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36906u\HPQFlash.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36907\FirmwareUpdate.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36907\floppy.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36907\hpqRun.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36907\HPUSBFW.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36907\sp36907d.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\sp36907\sp36907u.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\AEEnable.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\DevSetup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\SMAXWDM\W2K_XP\SMax4PNP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\SM_Panel\Sys\SMax4.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\Sys\CleanUp.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\SWSetup\SP37155\Sys\DSndUp.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\coregen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\findmgsg.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\he.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\lmgrd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\lmtools.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\lmutil.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\wdreg.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\wincoregen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\xilinxd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\xport.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\zip.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\_setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\bin\nt\_xinfo.exe
deleted: Trojan program Trojan-Spy.Win32.Agent.eqi File: C:\Xilinx91i\coregen\ip\xilinx\network\com\xilinx\ip\pciucfgen_v1_0\bin\nt64\pciucfgen.exe//data0000
deleted: Trojan program Trojan-Spy.Win32.Agent.eqi File: C:\Xilinx91i\coregen\ip\xilinx\network\com\xilinx\ip\pciucfgen_v1_0\bin\nt64\pciucfgen_test.exe//data0000
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\java-rmi.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\java.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\javaw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\javaws.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\jucheck.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\jusched.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\keytool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\kinit.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\klist.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\ktab.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\orbd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\pack200.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\policytool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\rmid.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\rmiregistry.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\servertool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\data\XPower\nt\jre\bin\tnameserv.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\gnu\MinGW\2.0.0-3\nt\bin\gdb.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\java.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\javacpl.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\javaw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\jucheck.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\jusched.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\keytool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\kinit.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\klist.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\ktab.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\orbd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\pack200.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\policytool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\rmid.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\rmiregistry.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\servertool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\java\nt\jre\bin\tnameserv.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\smartmodel\nt\image\pcnt\sl_admin.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: C:\Xilinx91i\smartmodel\nt\image\pcnt\sl_unzip.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\essential software\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0 Professional\instmsiw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\essential software\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0 Professional\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\essential software\flashget\fgf165.exe
deleted: Trojan program Trojan-Spy.Win32.Agent.eqi File: E:\dad's stuff\essential software\memclnr\memclnr.exe//data0000
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\essential software\Microsoft Office Pro Plus 2007 Incl SP1 And Serial\gburner24.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\Gurmeet Gujral\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0 Professional\instmsiw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\Gurmeet Gujral\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0 Professional\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\Gurmeet Gujral\Microsoft Office Pro Plus 2007 Incl SP1 And Serial\gburner24.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\GoogleEarth.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\GoogleEarthPlus.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\install_flash_player.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\ms java virtual mach.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\adobe flash CS3 tutorials\VideoWorkshop.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Adobe Photoshop 7.0\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Adobe Photoshop 7.0\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\atcp2log\atcp2log-setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\autorun.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\hpbvspst.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\hpzglu09.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\instmsia.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\instmsiw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\uninstal.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\CUE\instmsia.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\CUE\instmsiw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\CUE\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\HPPrintScreen\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\HPPrintScreen\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\SystemCheck\setup\HPZchk01.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\Applications\SystemCheck\setup\usbready.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\temp\cfgtoip.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\temp\cfgtoipx.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\util\common\hpfpdi09.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\util\common\hpzghl09.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Driver for HP deskjet 5160_5100\util\common\hpzpin09.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Expert_Choice\demo32.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Expert_Choice\Mmedia\ACROREAD\AcroRd32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Expert_Choice\Mmedia\ACROREAD\acroread.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\flashget\fgf165.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\Microsoft Office Pro Plus 2007 Incl SP1 And Serial\gburner24.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Acrobat\ar40eng.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\MSSUP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\Program Files\Visio\Solutions\Visio Extras\_EDITOR.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\COMUpd\401comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\Dcom\dcom95.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\HHUpd\hhupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\IE\DCOM95.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\IE\IE5COMP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\IE\IE5SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\IE\VRML2C.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\MDAC\mdac_typ.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\MSI\Win9x\InstMsi.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\MSI\WinNT\InstMsi.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\VBA\CC\ccdist.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\VBA\Program Files\Common Files\Microsoft Shared\Vba\vba6\link.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\VBA\Windows\System32\msjavx86.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\VBA\Windows\System32\regsvr32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\VBA\Windows\System32\Vbrun60.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\sp\Vim\Program Files\Common Files\Visio Shared\6.0\IE\vim.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\Windows\KeyHH.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Install\bin\Windows\System32\comctl32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Tours\Interface\InterfaceTour.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MS VISIO 2000\Tours\Sampler\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\MSP 2003\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\MSP 2003\FILES\OWC10\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\MSP 2003\FILES\OWC11\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\MSP 2003\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\MSP 2003\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\MSP 2003\FILES\SETUP\OSE.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\SP_1 MSP 2003\CDLAUNCH\SHELEXEC.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\SP_1 MSP 2003\SP1\FULLFILE\PROJECT2003-KB837240-FULLFILE-ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\SP_1 MSP 2003\SP1\FULLFILE\PROJECTSERVER2003-KB837241-FULLFILE-ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\SP_1 MSP 2003\SP1\FULLFILE\PROJECTSERVER2003-KB837241-SQLFILE-ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\MSP 2003\SP_1 MSP 2003\SP1\FULLFILE\PROJECTSERVER2003-KB837241-WSSFILE-ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\50comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Dscedt.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\multisim.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\ACROBAT\AR505ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\BACKCOMP.MS\wewb32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Codemodl\SOURCES\MAKE_DLL\MAKE_DLL.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Codemodl\SOURCES\MAKE_INC\DEBUG\MAKE_INC.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Codemodl\USER\CAT.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Codemodl\USER\MAKE_DLL.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Codemodl\USER\RM.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Csminst\50comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Csminst\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Csminst\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\50comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\ACROBAT\AR505ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\40comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\50comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\Axdist.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\Dcom95.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\Regsvr32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\DAO\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\DAO\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\Setup\System\MDAC_TYP\MDAC_TYP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\40comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\50comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\Axdist.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\Dcom95.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\Regsvr32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\DAO\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\DAO\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\multisim7\System\MDAC_TYP\MDAC_TYP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\QM4Win\Acrobat Reader\Reader\AcroRd32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\sj652 scanner update\hpupdate.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\sj652 scanner update\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\sj652 scanner update\English\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\sj652 scanner update\English\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\sj652 scanner update\English\ScanToWeb\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\imp software\sj652 scanner update\English\ScanToWeb\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\ADI SoundMAX HD Audio Driver for XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Agere V.92 Modem Driver for Windows XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Bluetooth wireless technology.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Broadcom Wireless LAN Driver.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Eithernet Driver for XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Ethernet Drivers for XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Intel 82562GT 10100 Drivers for Windows XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Intel Chipset Installation Utility for ICH8 2K_XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Intel PROWireless Drivers.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\Intel Video Driver and Control Panel for Windows XP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\ROMPaq for HP Notebook System BIOS - FreeDOS Bootable Media.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\SCM Microsystems driver.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\sp33867 UAA Bus Driver for HD Audio.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\sp36004 modem.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\sp36682 svrdio dound max HD au.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\sp36906 sys BIOS.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\laptop 6720s drivers\win2k_xp14311.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj\gre\PPGRE31.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj\gre\gre09\gretest.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj\ielts\ALL IELTS BOOKS\MAIN MATERIALS FOR IELTS\Prepare for IELTS\DJVUCNTL_601_EN.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj\toefl\templates\simplepara.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\bitcomet_setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Convertion of Units.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Daemon400.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DIRECTX_DEC2005_REDIST.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\GOMPLAYERENSETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\GuiStyle.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Java2RE50.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Java2SDKSE50.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\wordsearch_installer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\20_developers_tool\jap\japsetup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\30_multimedia_software\flash_particle_studio\Flash Particle Studio.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\30_multimedia_software\intocartoon_pro\Intocartoon Pro.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\30_multimedia_software\muvaudio\MuvAudio.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\30_multimedia_software\mxplay\MXPlay.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\30_multimedia_software\oovoo\oovoo.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\30_multimedia_software\paintbuster\PaintBuster.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\acdsee_9_photo_manager\acdsee-9-0-108-en.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\ad-aware_se_personal_edition\aawsepersonal.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\enigma\Enigma.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\es_clipboard_monitor_engine\ES Clipboard Monitor Engin.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\greenprint\GreenPrint .exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\memeo_autobackup\Memeo AutoBackup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\memeo_autosync\Memeo AutoSync.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\myriad_3d_reader\Myriad 3D Reader.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\novabackup\NovaBACKUP.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\o&k_print_watch\O&K Print Watch.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\pidgin\pidgin-2_1.0.0.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\pptminimizer\PPTminimizer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\r-excel\R-Excel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\r-studio\R-Studio.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\rbak_internet_backup\rBak Internet Backup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\registry_purify\Registry Purify.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\removeit_pro\RemoveIT Pro Enterprise.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\solid_converter\Solid Converter DWG 3 buil.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\spyware_killer\spywarekiller.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\spy_soap\spysoap.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\stumbleupon_toolbar_for_ie\StumbleUpon3-beta.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\stylet_file_manager\Stylet File Manager.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\those_buttons\Those Buttons.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\tonethis\toneThisPackage.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\trillian\trillian-v3.1.5.1.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\wixkill\Wixkill .exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\50_latest_utilities\ztreewin\ZTreeWin.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\8085\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\8085\lab\tasm\BIN\BRCC32.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\8085\lab\tasm\BIN\TD32.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\8085\lab\tasm\BIN\TD32INST.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\8085\lab\tasm\BIN\TLINK32.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\8085 Simulator\8085.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Adobe\Adobe Acrobat 6.0 Professional\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Adobe\Adobe Acrobat 6.0 Professional\crack\keygen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Adobe\Adobe Photoshop 7.0\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Adobe\Adobe Photoshop 7.0\_isdel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Adobe\Adobe Photoshop 7.0\Kpt 6\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Adobe\Adobe Photoshop 7.0\Kpt 6\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\anti_mosquito\Anti Mosquito.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\bcc.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\bcc32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\brcc32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\cabarc.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\cpp.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\cpp32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\hcrtf.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\hcw.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\ilink32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\regist32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\td32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\td32inst.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\tlink32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\BIN\ws32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\EXAMPLES\DLLMIX\bctobc.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\C & C++\BC5\EXAMPLES\DLLMIX\vctobc.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\rp505enu.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\directx\ddhelp.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\directx\dplaysvr.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\directx\dxinfo.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\directx\dxsetup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cambridge ALD on i wll survive (192.168.28.12)\directx\dxtool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\Misc\OPM2(1)\OPM2\opm.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\Misc\OPM2(1)\OPM2\UNWISE.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\mobile thing\6600 software\IM_Plus_v2.14_(with_keygen)\keygen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\mobile thing\6600 software\Psiloc Screen Saver v1.52 (N6600)\Psiloc Screen Saver v1.52.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\mobile thing\6600 software\psiloc_extended_profiles_pro_v1.95\Psiloc Extended Profiles Pro v1.95_Keygen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\mobile thing\6600 software\teletext 6600+keygen\keygen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Cell Phone Stuff\mobile thing\6600 software\World Clock Pro 1.52\Psiloc World Clock Pro 1.52.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\codecs\Media Player codecs.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\codecs\WM9Codecs.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\avi to mpg\AVI2MPG1.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\avi to rmvb converter(save your drive space)\ermp_fullV1.81.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\avi to vcd\AVI2VCD.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\DVD to MP3\DVDtoMP318Trial.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\DVD to VCD\auth_call.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\DVD to VCD\DVD2SVCD-1.0.3-Build_5\auth_call.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\converter\MP3 To Wave Converter v1.16\mp3cinst_softseek.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DivX\DivX511Bundle.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DivX\DivX51Bundle.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\Acrobat\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\Acrobat\_ISDel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\Acrobat\Reader\AcroRd32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\Driver\DRemover98_2K.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\Driver Setup\USB Cable Driver.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\PC Suite\PC Suite 58.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\DKU-5\PC Suite\PC Suite 61.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Dr.Divx 1.0.6\DrDivX106.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\google products\GoogleEarth.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\google products\GoogleEarthPlus.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\google products\GoogleSketchUpWEN.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\google products\GOOGLESKETCHUPW_EN.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\google products\Google Earth Pro Map With CRACK\Google Earth Pro Map With CRACK\GoogleEarthPro.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\google products\google_earth\GoogleEarth.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Internet Explorer 7.0 Build 5299 Beta 2\Internet Explorer 7.0 Build 5299 Beta 2\IE.7.Build.5299-JCXP\IE7-WindowsXP-x86-enu.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Internet Explorer Tab Plugin\MereSurfer2005Pro\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Mozilla\mozilla-win32-1.7.5-installer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Opera\ow32enen754u2j.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Opera\ow32enen800.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Opera\ow32enen800b1.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet browsers\Opera\ow32enen801.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet controllers controllers\Azureus_2.3.0.6_Win32.setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet controllers controllers\Download Accelerator Plus 8.0.3.5 Premium\Download Accelerator Plus 8.0.3.5 Premium\Patch.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet controllers controllers\Internet Download Manager v5.01 on 192.168.28.51\idman501.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\internet controllers controllers\Limewire pro on RDX (192.168.30.145)\Limewire Lime Wire Pro 4.12.3.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\lan controllers\adv IP scanner\Advanced IP Scanner.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\lan controllers\adv IP scanner\uninstal.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\lan controllers\net send anyone\netsend\NETSEND.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\lan controllers\voice chat over lan on Edge (192.168.30.206)\voice chat over lan setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\Make Your Copy of Windows 100% Genuine in 2 Seconds on 192.168.28.51\Verify if your copy is Genuine or not\Microsoft Genuine Advantage Diagnostic Tool.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\matlab 6.5\CD1\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\matlab 6.5\CD1\MSutils\401comupd.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\matlab 6.5\CD1\MSutils\jmsjavx86.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\matlab 6.5\CD1\MSutils\msjavx86.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\Super DVD Ripper Version 1.90 Full + Cracked.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\MPEG-Corrector\MPEG-Corrector.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\Ulead Video Studio 7\UVS7TrialEng.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\vcdcutter\VCDCut.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\VCDCutter 4.04\VCDCut.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\video converter\3gp-video-converter.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\video converter\KeyGen.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media controllers\virtualdub\VirtualDub.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\GoogleVideoPlayerSetup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\iTunes47.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\RealPlayer10-5GOLD.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\vlc-0.8.5-test1-win32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\vlc-0.8.6-win32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\vlc-0.8.6a-win32.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Windows Media Player 11 - Without Genuine Check By GreY FoX.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\WMP11_WINDOWSXP_X86_ENU.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\gom player\GOMPLAYERENSETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\mplayer\mencoder.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\mplayer\mplayer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\QuickTime\PictureViewer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\QuickTime\QTInfo.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\QuickTime\qttask.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\QuickTime\QuickTimePlayer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\QuickTime\QTSystem\QTPluginInstaller.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\QuickTime\QTSystem\QuickTimeUpdateHelper.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Real\RealPlayer10-5GOLD.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Real\Real One Player 7\RealOnePlayer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Real\RealPlayer\realplay.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Real\RealPlayer\Setup\setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\winamp5.20_full.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\winamp53_full_emusic-7plus.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\AWEamp_by_Yilard.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\EL-VIS8_PLASMA.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\MEXP_-_Music_Explorer_Plugin.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\The_Presets_v6.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Winamp_Essentials.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\YMS_Status_Changer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\Geiss_2.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\Mandelbrot_Set_Vizualization_1_0.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\MilkDrop.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\Tripex3-12.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\TwistedPixel.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\Visualizer_Her.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Winamp\Winamp Plugins\Visualizer her\Winamp_Goes_3D_v1_51.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\winamp 5.33...new!!!!\winamp533_full_emusic-7plus.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Windows Media Player 10\Setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Windows Media Player 11\umdf.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Windows Media Player 11\wmfdist11.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\Windows Media Player 11\wmp11.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\media players\windows media player updated on anshu (192.168.28.51)\wmp11-windowsxp-x86-enu.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\gaim-1.5.0.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\googletalk-setup.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\Install_Messenger.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\Install_MSN_Messenger.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\trillian-v3.1-beta.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\trillian-v3[1].1.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\gaim\gaim-1.0.1.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\gaim\gaim-1.4.0.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\gaim\gaim-1.5.0.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\gaim\gaim2.0.0beta3 on RAKESH (192.168.28.248)\gaim-2.0.0beta3.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\Orkutter\orkutter_installer.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\messengers\PC Chat\PCchat.exe
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\MS Office\Office2003Setup\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\MS Office\Office2003Setup\FILES\OWC10\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\MS Office\Office2003Setup\FILES\OWC11\SETUP.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\MS Office\Office2003Setup\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
disinfected: Trojan program Trojan.Win32.Patched.dj File: E:\dad's stuff\manraj software\MS Office\Office2003Setup\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE

=======================================================================================================

Well, that's the end. By the time the scan was getting over, I was regretting not having connected all my USBs and external hard disks for the scan as well. I think I'll do the scan again for all my USBs later. The software that I downloaded for this has the date of download as a part of the filename... does that mean I can't reuse it and have to download a new version again, or is it OK to reuse it?

Thank you. This has been perhaps one of the most thorough scans I've subjected my computer to. By the way, I noticed that my computer is running slower now.

Jolene
  • 0

#19
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS

The scan has confirmed that the infection you have is of the most serious type - a file infector. It can and usually does damage so many executable files on the system that the system is rendered unusable. In this case, the infection looks like it came from drive E:. If this disk came from another source, it may be wise to inform them and suggest they check their PC.

It would be best to reformat drive E:. We'll have a go at recovering your C: drive, but it may be necessary to reformat that later.

Please read all of this through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

Step 1
I would recommend that you:
  • Back up all your documents and important items only, from all drives. If you use a USB device, ensure you first "immunize" it as explained earlier
  • DO NOT back up any executable files (.exe .scr .html or .htm)
  • DO NOT back up compressed files (zip/cab/rar) that may contain .exe or .scr files
  • Reformat drive E:
    • Open Windows Explorer
    • Right Click on drive E: and select Format
    • Ensure that the Quick Format box is not checked
    • Follow the prompts and allow to format
  • Be very careful to select the correct drive to format!
Step 2
System File Checker
  • Click Start > Run and type cmd {enter}
  • Type SFC /scannow (Note the space between the c and the /)
    • You may need your Windows XP CD so have it ready.
    • If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD.
  • Allow the scan to run and when completed, reboot the system.
Step 3
AVZ

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#20
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Hi,
Sorry for the delay in replying. There is one problem. I did the formatting with the E drive, but I don't have the XP SP3 CD with me. I have the XP SP2 CD. The OS installed right now on the computer is SP3, so I thought I'll wait and ask before proceeding with step 2 of your instructions.
Another thing is that my exams are going on these days, and I really can't afford to format my computer considering that it has all my project work too. So I would really like it if we can avoid that course of action at least till December.

jolene

#22
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS,

You can still run step 2. It will only ask for a disk if it can't find a backup in the DLLCache on your pc. If it does ask for a disk just hit the ignore button (I think it's ignore, I can't remember exactly) and it will move to the next file. If you could let me know how you get on. Then run step 3

If we get a lot of SFC errors, I can talk you through building a SP3 boot disk if necessary, if you have a CD writer.

#23
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
:)
I started with step 2. It was asking me every 2 seconds to insert a CD. When I told it to go on without the CD, it asked "if i want to skip this file, though a CD will have to be inserted later then". I clicked on "skip", and did so for a while each time till I realised that I may have to click 200 times if it kept on asking me every 2 seconds for every file. :) So I cancelled the scan. Now what? Step 3 directly? :)

#24
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS

Do step 3 and we'll see what that shows

Edited by azarl, 09 November 2009 - 06:20 AM.

#25
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Hi,
I have attached the two files.
By the way, I noticed that my Google Chrome and other software can open now. Though I'm still sticking to IE, just thought I'll mention it.

thanks
jolene

Attached File  virusinfo_syscheck.zip   22.26KB   160 downloads
Attached File  virusinfo_syscure.zip   24.09KB   138 downloads

#26
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi Jolene

By the way, I noticed that my Google Chrome and other software can open now. Though I'm still sticking to IE, just thought I'll mention it.


We've killed quite a lot of stuff here so far. Does everything seem to be running OK? With file infectors, the big problem comes when they infect a necessary system file. Fingers crossed

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Xilinx91i\virtex2\bin\nt\libBsXv2_Bitstream.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
    Please repeat for

    • C:\WINDOWS\Installer\504a1db.msi
    • C:\WINDOWS\system32\MsSip1.dll

Edited by azarl, 10 November 2009 - 03:08 AM.

#27
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Sorry for the absence. You might have heard about the cyclone Phyan that went over spam and the 12 to 16 hr power cuts that followed every day. Anyways, nice to be back on track.

log for file "C:\Xilinx91i\virtex2\bin\nt\libBsXv2_Bitstream.dll":

VirSCAN.org Scanned Report :
Scanned time : 2009/11/14 17:38:31 (IST)
Scanner results: Scanners did not find malware!
File Name : libBsXv2_Bitstream.dll
File Size : 69632 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 6f35b2ebd5adefc62f5d879a44fffa64
SHA1 : bd8d23c809b9a018cd14520b00c176886a7f3249
Online report : http://virscan.org/r...48fd3d3ab4.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091114000235 2009-11-14 5.42 -
AhnLab V3 2009.11.14.00 2009.11.14 2009-11-14 0.97 -
AntiVir 8.2.1.65 7.1.6.235 2009-11-13 0.17 -
Antiy 2.0.18 20091113.3257899 2009-11-13 0.12 -
Arcavir 2009 200911131819 2009-11-13 0.04 -
Authentium 5.1.1 200911132257 2009-11-13 1.22 -
AVAST! 4.7.4 091114-0 2009-11-14 0.01 -
AVG 8.5.288 270.14.65/2502 2009-11-14 0.33 -
BitDefender 7.81008.4545615 7.28920 2009-11-14 3.93 -
CA (VET) 35.1.0 7120 2009-11-13 12.76 -
ClamAV 0.95.2 10023 2009-11-14 0.02 -
Comodo 3.12 2952 2009-11-14 0.80 -
CP Secure 1.3.0.5 2009.11.14 2009-11-14 0.06 -
Dr.Web 4.44.0.9170 2009.11.14 2009-11-14 6.80 -
F-Prot 4.4.4.56 20091113 2009-11-13 1.19 -
F-Secure 7.02.73807 2009.11.14.03 2009-11-14 0.17 -
Fortinet 2.81-3.120 11.56 2009-11-13 0.21 -
GData 19.8828/19.557 20091114 2009-11-14 5.59 -
ViRobot 20091114 2009.11.14 2009-11-14 0.43 -
Ikarus T3.1.01.74 2009.11.14.74526 2009-11-14 4.45 -
JiangMin 11.0.800 2009.11.14 2009-11-14 4.66 -
Kaspersky 5.5.10 2009.11.14 2009-11-14 0.15 -
KingSoft 2009.2.5.15 2009.11.14.15 2009-11-14 0.52 -
McAfee 5.3.00 5801 2009-11-13 3.50 -
Microsoft 1.5202 2009.11.14 2009-11-14 6.22 -
Norman 6.01.09 6.01.00 2009-11-14 4.01 -
Panda 9.05.01 2009.11.12 2009-11-12 0.59 -
Trend Micro 9.000-1003 6.626.02 2009-11-13 0.03 -
Quick Heal 10.00 2009.11.13 2009-11-13 1.25 -
Rising 20.0 22.21.05.04 2009-11-14 1.04 -
Sophos 3.00.1 4.46 2009-11-14 3.06 -
Sunbelt 5505 5505 2009-11-12 1.78 -
Symantec 1.3.0.24 20091113.003 2009-11-13 0.05 -
nProtect 20091114.01 6215412 2009-11-14 3.53 -
The Hacker 6.5.0.2 v00069 2009-11-13 0.74 -
VBA32 3.12.10.11 20091113.1444 2009-11-13 2.02 -
VirusBuster 4.5.11.10 10.113.16/2013812 2009-11-13 2.38 -


log for file "C:\WINDOWS\Installer\504a1db.msi":

VirSCAN.org Scanned Report :
Scanned time : 2009/11/14 17:43:46 (IST)
Scanner results: Scanners did not find malware!
File Name : 504a1db.msi
File Size : 1183232 byte
File Type : Microsoft Office Document
MD5 : 30d52137a03e5a6157a12e409bd02952
SHA1 : 5b5fe9d188f3002aa65d266038932092fe021698
Online report : http://virscan.org/r...4562394603.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091114000235 2009-11-14 4.52 -
AhnLab V3 2009.11.14.00 2009.11.14 2009-11-14 1.54 -
AntiVir 8.2.1.65 7.1.6.235 2009-11-13 1.22 -
Antiy 2.0.18 20091113.3257899 2009-11-13 0.12 -
Arcavir 2009 200911131819 2009-11-13 1.38 -
Authentium 5.1.1 200911132257 2009-11-13 1.22 -
AVAST! 4.7.4 091114-0 2009-11-14 0.19 -
AVG 8.5.288 270.14.65/2502 2009-11-14 0.72 -
BitDefender 7.81008.4545615 7.28920 2009-11-14 4.04 -
CA (VET) 35.1.0 7120 2009-11-13 6.17 -
ClamAV 0.95.2 10023 2009-11-14 0.49 -
Comodo 3.12 2952 2009-11-14 0.81 -
CP Secure 1.3.0.5 2009.11.14 2009-11-14 0.36 -
Dr.Web 4.44.0.9170 2009.11.14 2009-11-14 6.86 -
F-Prot 4.4.4.56 20091113 2009-11-13 1.20 -
F-Secure 7.02.73807 2009.11.14.03 2009-11-14 10.71 -
Fortinet 2.81-3.120 11.56 2009-11-13 0.21 -
GData 19.8828/19.557 20091114 2009-11-14 6.23 -
ViRobot 20091114 2009.11.14 2009-11-14 0.41 -
Ikarus T3.1.01.74 2009.11.14.74526 2009-11-14 4.15 -
JiangMin 11.0.800 2009.11.14 2009-11-14 4.38 -
Kaspersky 5.5.10 2009.11.14 2009-11-14 0.44 -
KingSoft 2009.2.5.15 2009.11.14.15 2009-11-14 0.59 -
McAfee 5.3.00 5801 2009-11-13 3.46 -
Microsoft 1.5202 2009.11.14 2009-11-14 6.98 -
Norman 6.01.09 6.01.00 2009-11-14 4.01 -
Panda 9.05.01 2009.11.12 2009-11-12 1.18 -
Trend Micro 9.000-1003 6.626.02 2009-11-13 0.14 -
Quick Heal 10.00 2009.11.13 2009-11-13 1.37 -
Rising 20.0 22.21.05.04 2009-11-14 1.27 -
Sophos 3.00.1 4.46 2009-11-14 3.06 -
Sunbelt 5505 5505 2009-11-12 2.04 -
Symantec 1.3.0.24 20091113.003 2009-11-13 0.07 -
nProtect 20091114.01 6215412 2009-11-14 4.12 -
The Hacker 6.5.0.2 v00069 2009-11-13 0.70 -
VBA32 3.12.10.11 20091113.1444 2009-11-13 2.25 -
VirusBuster 4.5.11.10 10.113.16/2013812 2009-11-13 2.41 -

log for file "C:\WINDOWS\system32\MsSip1.dll":

Couldn't get this. Got an "ERROR: Can't upload file".
  • 0
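
Reports like the two pasted above can be checked mechanically instead of by eye. The parser below is an added example, not part of the original thread and not VirSCAN's own tooling: it reads a report in the layout shown above, lists every engine that returned something other than "-", and flags engines whose signature date is more than a day older than the scan. Treating "-" as "no detection" and the one-day threshold are assumptions, and the sample's hashes, file name and "ExampleAV" row are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the reports pasted above. The first four
# scanner rows are copied from the first report; the file name, the hashes and
# the "ExampleAV" row are invented so the parser has a detection to report.
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/11/14 17:38:31 (IST)
File Name : constructed_sample.dll
File Size : 69632 byte
MD5 : 00000000000000000000000000000000
SHA1 : 0000000000000000000000000000000000000000

Scanner Engine Ver Sig Ver Sig Date Time Scan result
AhnLab V3 2009.11.14.00 2009.11.14 2009-11-14 0.97 -
CA (VET) 35.1.0 7120 2009-11-13 12.76 -
Panda 9.05.01 2009.11.12 2009-11-12 0.59 -
Trend Micro 9.000-1003 6.626.02 2009-11-13 0.03 -
ExampleAV 1.0 2009.11.01 2009-11-01 0.10 Win32.Constructed.A
"""

# Header fields of interest: "Key : value".
FIELD_RE = re.compile(
    r"^(Scanned time|File Name|File Size|File Type|MD5|SHA1)\s*:\s*(.+?)\s*$"
)

# Scanner names may contain spaces ("CA (VET)", "Trend Micro"), so the row is
# anchored on the one unambiguous column, the YYYY-MM-DD signature date, and
# the name is whatever is left in front of the two version columns.
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<engine_ver>\S+)\s+(?P<sig_ver>\S+)\s+"
    r"(?P<sig_date>\d{4}-\d{2}-\d{2})\s+(?P<seconds>\d+(?:\.\d+)?)\s+"
    r"(?P<result>\S.*)$"
)


def parse_report(text):
    """Split a pasted report into header metadata and one dict per scanner."""
    meta, rows = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        field = FIELD_RE.match(line)
        if field:
            meta[field.group(1)] = field.group(2)
            continue
        row = ROW_RE.match(line)
        if row:
            entry = row.groupdict()
            entry["sig_date"] = datetime.strptime(
                entry["sig_date"], "%Y-%m-%d"
            ).date()
            entry["seconds"] = float(entry["seconds"])
            rows.append(entry)
    if "Scanned time" in meta:
        # Drop the trailing "(IST)" zone label; only the date is compared.
        meta["scan_date"] = datetime.strptime(
            meta["Scanned time"][:19], "%Y/%m/%d %H:%M:%S"
        ).date()
    return {"meta": meta, "rows": rows}


def summarize(report, max_sig_age_days=1):
    """Return detections and the engines that scanned with old signatures.

    Assumption: a result of "-" means the engine reported nothing.
    """
    scan_date = report["meta"].get("scan_date")
    detections = [
        (r["name"], r["result"]) for r in report["rows"] if r["result"] != "-"
    ]
    stale = []
    if scan_date is not None:
        stale = [
            r["name"]
            for r in report["rows"]
            if (scan_date - r["sig_date"]).days > max_sig_age_days
        ]
    return {
        "engines": len(report["rows"]),
        "detections": detections,
        "stale_signatures": stale,
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    summary = summarize(parsed)
    print("file:", parsed["meta"].get("File Name"))
    print("engines parsed:", summary["engines"])
    print("detections:", summary["detections"] or "none")
    print("stale signatures:", summary["stale_signatures"] or "none")
```

A clean result only means no signature matched at scan time, so the stale-signature list shows which engines' verdicts are worth re-checking after their next update.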

#28
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS

Hope you got through the Typhoon with the minimum of disruption.

ComboFix
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#29
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Hi :)

When I tried running ComboFix, it did mention that I didn't have the Recovery Console installed, but upon being directed to download and install it, it couldn't connect to the internet. So I let it continue with the scan. A log was created then.
Afterwards, I realised that I myself couldn't access the net. After much head-scratching I decided to check my settings and realised that ComboFix had turned off my LAN proxy.
So, I took my laptop to the server room and connected it to the net directly and reran the scan. This time, it first updated itself, downloaded and installed the Windows Recovery Console. I'll send you both the log files.

Log 1:

ComboFix 09-11-14.03 - UserXP 11/14/2009 21:57..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1483 [GMT 5.5:30]
Running from: c:\documents and settings\UserXP\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-4982168452-3067718245-273071168-5103
c:\windows\qrt2.reg
c:\windows\system32\msdlghce.dll
c:\windows\system32\richedhce.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-11 08:31 . 2009-11-14 16:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MathWorks
2009-11-11 05:12 . 2009-11-14 16:15 -------- d-----w- c:\documents and settings\UserXP\Application Data\MathWorks
2009-11-10 02:28 . 2009-11-10 02:29 -------- d-----w- c:\documents and settings\UserXP\tmpfcman
2009-11-08 14:20 . 2009-11-08 14:38 -------- d-----w- C:\Triton
2009-11-08 13:28 . 2009-11-08 13:28 0 ---ha-w- c:\windows\msds.dat
2009-11-08 13:26 . 2009-11-08 13:28 -------- d-----w- C:\RIDE
2009-11-08 13:26 . 2009-11-08 13:26 36352 ----a-w- c:\windows\system32\SX32W.DLL
2009-11-08 13:26 . 2009-11-08 13:26 211488 ----a-w- c:\windows\system32\bwcc32.dll
2009-11-08 13:26 . 2009-11-08 13:26 135680 ----a-w- c:\windows\system32\crypto32.dll
2009-11-07 15:12 . 2009-11-07 15:12 -------- d-----w- c:\windows\Sun
2009-11-07 15:10 . 2009-11-07 15:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-07 15:10 . 2009-11-07 15:10 -------- d-----w- c:\program files\Java
2009-11-06 07:56 . 2009-11-06 07:56 -------- d-----w- c:\windows\system32\Logfiles
2009-11-06 07:56 . 2009-11-06 07:56 -------- d-----w- C:\Inetpub
2009-11-01 14:54 . 2009-11-01 14:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-29 08:50 . 2009-10-29 08:50 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Application Data\Identities
2009-10-29 07:28 . 2009-10-29 07:28 -------- d-----w- c:\program files\ESET
2009-10-22 16:27 . 2009-10-22 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-21 16:22 . 2009-10-21 16:22 -------- d-----w- c:\program files\Rhymesaurus
2009-10-19 13:08 . 2009-10-19 13:08 -------- d-----w- c:\program files\MICROWIND Lite
2009-10-19 13:07 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2009-10-19 07:56 . 2009-10-19 08:02 -------- d-----w- c:\documents and settings\UserXP\Application Data\Desktop Sidebar
2009-10-19 07:55 . 2009-10-19 07:55 -------- d-----w- c:\program files\Desktop Sidebar
2009-10-18 21:14 . 2001-08-17 11:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-10-18 21:14 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 16:25 . 2009-10-02 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-14 15:16 . 2009-09-28 09:39 -------- d-----w- c:\documents and settings\UserXP\Application Data\VMware
2009-11-14 15:16 . 2009-09-28 09:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-11-14 15:16 . 2009-09-28 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-11-10 02:17 . 2009-11-10 02:17 -------- d-----w- c:\program files\Trial123PDFConverter
2009-11-08 01:56 . 2009-10-08 06:50 40960 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{B0BA3B99-16C9-4027-BEAE-4444E266749E}\LPC210x_ISP.exe_B60B0D3157BA46A8AB5FD037240E063F.exe
2009-11-08 01:56 . 2009-10-08 06:50 151552 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{B0BA3B99-16C9-4027-BEAE-4444E266749E}\ARPPRODUCTICON.exe
2009-11-08 01:56 . 2009-09-28 09:26 45056 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}\NewShortcut2_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-11-08 01:56 . 2009-09-28 09:26 40960 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}\NewShortcut8_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-10-20 06:38 . 2009-09-28 11:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 13:07 . 2009-10-12 13:07 -------- d-----w- c:\documents and settings\UserXP\Application Data\Malwarebytes
2009-10-12 13:07 . 2009-10-12 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 13:06 . 2009-10-12 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-08 17:48 . 2009-10-08 17:48 -------- d-----w- c:\program files\gBurner
2009-10-08 06:52 . 2009-09-28 09:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 06:50 . 2009-10-08 06:50 -------- d-----w- c:\program files\Philips Semiconductors
2009-10-05 16:26 . 2009-10-05 16:26 -------- d-----w- c:\program files\YouTube Downloader
2009-10-05 16:16 . 2009-10-05 16:16 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-05 16:16 . 2009-10-02 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-05 15:30 . 2009-10-01 21:59 67768 ----a-w- c:\documents and settings\UserXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 15:25 . 2009-10-05 14:12 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 14:12 . 2009-10-05 14:12 -------- d-----w- c:\program files\Common Files\L&H
2009-10-05 14:12 . 2009-10-05 14:12 -------- d-----w- c:\program files\Microsoft.NET
2009-10-05 14:12 . 2009-10-05 14:12 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-05 14:07 . 2009-10-05 10:04 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-05 14:07 . 2009-10-05 10:05 -------- d-----w- c:\documents and settings\UserXP\Application Data\OpenOffice.org2
2009-10-05 10:06 . 2009-10-05 10:06 1 ----a-w- c:\documents and settings\UserXP\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-10-04 14:28 . 2009-10-04 14:28 -------- d-----w- c:\program files\Alarm Clock
2009-10-04 11:12 . 2009-10-04 11:12 -------- d-----w- c:\documents and settings\UserXP\Application Data\WordWeb
2009-10-04 10:43 . 2009-10-04 10:43 -------- d-----w- c:\program files\WordWeb
2009-10-04 04:14 . 2009-10-04 04:14 -------- d-----w- c:\program files\ETS
2009-10-03 18:14 . 2009-10-03 18:14 -------- d-----w- c:\documents and settings\UserXP\Application Data\vlc
2009-10-03 17:02 . 2009-10-03 17:02 -------- d-----w- c:\program files\VideoLAN
2009-10-03 15:54 . 2009-10-03 13:08 -------- d-----w- c:\documents and settings\UserXP\Application Data\Download Manager
2009-10-03 09:00 . 2009-10-03 09:00 -------- d-----w- c:\program files\Review
2009-10-03 08:50 . 2009-10-03 08:44 -------- d-----w- c:\program files\Kap.GRE
2009-10-02 19:31 . 2009-10-02 19:31 -------- d-----w- c:\program files\Google
2009-10-02 16:51 . 2009-10-02 16:50 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-10-02 16:30 . 2009-10-02 16:27 -------- d-----w- c:\program files\DAP
2009-10-02 13:34 . 2009-10-02 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-02 13:29 . 2009-10-01 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-01 21:59 . 2009-10-01 21:59 -------- d-----w- c:\program files\IPMsg
2009-10-01 14:37 . 2009-10-01 14:37 -------- d-----w- c:\documents and settings\UserXP\Application Data\Foxit
2009-10-01 14:37 . 2009-10-01 14:37 -------- d-----w- c:\program files\Foxit Software
2009-09-30 17:54 . 2009-09-28 09:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-30 01:00 . 2009-09-29 01:56 -------- d-----w- c:\program files\LanSurfer
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\documents and settings\UserXP\Application Data\GRETECH
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\program files\GRETECH
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-28 19:30 . 2009-09-28 19:30 -------- d-----w- c:\documents and settings\UserXP\Application Data\Media Player Classic
2009-09-28 19:30 . 2009-09-28 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-28 19:29 . 2009-09-28 19:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-28 09:35 . 2009-09-28 09:35 -------- d-----w- c:\program files\VMware
2009-09-28 09:35 . 2009-09-28 09:35 -------- d-----w- c:\program files\Common Files\VMware
2009-09-28 09:29 . 2009-09-28 09:29 -------- d-----w- c:\program files\WIDCOMM
2009-09-28 09:26 . 2009-09-28 09:26 -------- d-----w- c:\program files\HP PCMCIA Smart Card Reader
2009-09-28 09:26 . 2009-09-28 09:26 -------- d-----w- c:\program files\SCM Microsystems driver
2009-09-28 09:22 . 2009-09-28 09:22 -------- d-----w- c:\program files\Intel
2009-09-28 09:20 . 2009-09-28 09:20 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-28 09:20 . 2009-09-28 09:20 -------- d-----w- c:\program files\Broadcom
2009-09-28 09:20 . 2009-09-28 09:20 -------- d-----w- c:\documents and settings\UserXP\Application Data\InstallShield
2009-09-28 09:14 . 2009-09-28 09:14 -------- d-----w- c:\program files\Analog Devices
2009-09-28 09:13 . 2009-09-28 09:13 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-28 09:05 . 2009-09-28 09:05 -------- d-----w- c:\program files\microsoft frontpage
2009-09-28 09:00 . 2009-09-28 09:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-10 12:54 . 2009-10-12 13:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-10-12 13:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-02 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]

c:\documents and settings\UserXP\Start Menu\Programs\Startup\
IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2009-10-2 159744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-20 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-10-4 42168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IPMsg\\ipmsg.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Xilinx91i\\bin\\nt\\_fpga_editor.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/29/2009 5:32 PM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/29/2009 5:35 PM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/29/2009 5:33 PM 735960]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/28/2009 2:56 PM 33024]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyServer = 192.168.10.14:808
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 22:02
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-11-14 22:04
ComboFix-quarantined-files.txt 2009-11-14 16:33

Pre-Run: 17,707,671,552 bytes free
Post-Run: 17,886,167,040 bytes free

- - End Of File - - 7B9F06492C737976BA1AF56DA8FAD887



Log 2:

ComboFix 09-11-15.01 - UserXP 11/15/2009 9:19..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1345 [GMT 5.5:30]
Running from: c:\documents and settings\UserXP\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-11 08:31 . 2009-11-14 16:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MathWorks
2009-11-11 05:12 . 2009-11-14 16:15 -------- d-----w- c:\documents and settings\UserXP\Application Data\MathWorks
2009-11-10 02:28 . 2009-11-10 02:29 -------- d-----w- c:\documents and settings\UserXP\tmpfcman
2009-11-08 14:20 . 2009-11-08 14:38 -------- d-----w- C:\Triton
2009-11-08 13:28 . 2009-11-08 13:28 0 ---ha-w- c:\windows\msds.dat
2009-11-08 13:26 . 2009-11-08 13:28 -------- d-----w- C:\RIDE
2009-11-08 13:26 . 2009-11-08 13:26 36352 ----a-w- c:\windows\system32\SX32W.DLL
2009-11-08 13:26 . 2009-11-08 13:26 211488 ----a-w- c:\windows\system32\bwcc32.dll
2009-11-08 13:26 . 2009-11-08 13:26 135680 ----a-w- c:\windows\system32\crypto32.dll
2009-11-07 15:12 . 2009-11-07 15:12 -------- d-----w- c:\windows\Sun
2009-11-07 15:10 . 2009-11-07 15:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-07 15:10 . 2009-11-07 15:10 -------- d-----w- c:\program files\Java
2009-11-06 07:56 . 2009-11-06 07:56 -------- d-----w- c:\windows\system32\Logfiles
2009-11-06 07:56 . 2009-11-06 07:56 -------- d-----w- C:\Inetpub
2009-11-01 14:54 . 2009-11-01 14:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-29 08:50 . 2009-10-29 08:50 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Application Data\Identities
2009-10-29 07:28 . 2009-10-29 07:28 -------- d-----w- c:\program files\ESET
2009-10-22 16:27 . 2009-10-22 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-21 16:22 . 2009-10-21 16:22 -------- d-----w- c:\program files\Rhymesaurus
2009-10-19 13:08 . 2009-10-19 13:08 -------- d-----w- c:\program files\MICROWIND Lite
2009-10-19 13:07 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2009-10-19 07:56 . 2009-10-19 08:02 -------- d-----w- c:\documents and settings\UserXP\Application Data\Desktop Sidebar
2009-10-19 07:55 . 2009-10-19 07:55 -------- d-----w- c:\program files\Desktop Sidebar
2009-10-18 21:14 . 2001-08-17 11:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-10-18 21:14 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 16:25 . 2009-10-02 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-14 15:16 . 2009-09-28 09:39 -------- d-----w- c:\documents and settings\UserXP\Application Data\VMware
2009-11-14 15:16 . 2009-09-28 09:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-11-14 15:16 . 2009-09-28 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-11-10 02:17 . 2009-11-10 02:17 -------- d-----w- c:\program files\Trial123PDFConverter
2009-11-08 01:56 . 2009-10-08 06:50 40960 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{B0BA3B99-16C9-4027-BEAE-4444E266749E}\LPC210x_ISP.exe_B60B0D3157BA46A8AB5FD037240E063F.exe
2009-11-08 01:56 . 2009-10-08 06:50 151552 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{B0BA3B99-16C9-4027-BEAE-4444E266749E}\ARPPRODUCTICON.exe
2009-11-08 01:56 . 2009-09-28 09:26 45056 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}\NewShortcut2_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-11-08 01:56 . 2009-09-28 09:26 40960 ----a-r- c:\documents and settings\UserXP\Application Data\Microsoft\Installer\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}\NewShortcut8_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-10-20 06:38 . 2009-09-28 11:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 13:07 . 2009-10-12 13:07 -------- d-----w- c:\documents and settings\UserXP\Application Data\Malwarebytes
2009-10-12 13:07 . 2009-10-12 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 13:06 . 2009-10-12 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-08 17:48 . 2009-10-08 17:48 -------- d-----w- c:\program files\gBurner
2009-10-08 06:52 . 2009-09-28 09:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 06:50 . 2009-10-08 06:50 -------- d-----w- c:\program files\Philips Semiconductors
2009-10-05 16:26 . 2009-10-05 16:26 -------- d-----w- c:\program files\YouTube Downloader
2009-10-05 16:16 . 2009-10-05 16:16 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-05 16:16 . 2009-10-02 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-05 15:30 . 2009-10-01 21:59 67768 ----a-w- c:\documents and settings\UserXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 15:25 . 2009-10-05 14:12 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 14:12 . 2009-10-05 14:12 -------- d-----w- c:\program files\Common Files\L&H
2009-10-05 14:12 . 2009-10-05 14:12 -------- d-----w- c:\program files\Microsoft.NET
2009-10-05 14:12 . 2009-10-05 14:12 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-05 14:07 . 2009-10-05 10:04 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-05 14:07 . 2009-10-05 10:05 -------- d-----w- c:\documents and settings\UserXP\Application Data\OpenOffice.org2
2009-10-05 10:06 . 2009-10-05 10:06 1 ----a-w- c:\documents and settings\UserXP\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-10-04 14:28 . 2009-10-04 14:28 -------- d-----w- c:\program files\Alarm Clock
2009-10-04 11:12 . 2009-10-04 11:12 -------- d-----w- c:\documents and settings\UserXP\Application Data\WordWeb
2009-10-04 10:43 . 2009-10-04 10:43 -------- d-----w- c:\program files\WordWeb
2009-10-04 04:14 . 2009-10-04 04:14 -------- d-----w- c:\program files\ETS
2009-10-03 18:14 . 2009-10-03 18:14 -------- d-----w- c:\documents and settings\UserXP\Application Data\vlc
2009-10-03 17:02 . 2009-10-03 17:02 -------- d-----w- c:\program files\VideoLAN
2009-10-03 15:54 . 2009-10-03 13:08 -------- d-----w- c:\documents and settings\UserXP\Application Data\Download Manager
2009-10-03 09:00 . 2009-10-03 09:00 -------- d-----w- c:\program files\Review
2009-10-03 08:50 . 2009-10-03 08:44 -------- d-----w- c:\program files\Kap.GRE
2009-10-02 19:31 . 2009-10-02 19:31 -------- d-----w- c:\program files\Google
2009-10-02 16:51 . 2009-10-02 16:50 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-10-02 16:30 . 2009-10-02 16:27 -------- d-----w- c:\program files\DAP
2009-10-02 13:34 . 2009-10-02 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-02 13:29 . 2009-10-01 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-01 21:59 . 2009-10-01 21:59 -------- d-----w- c:\program files\IPMsg
2009-10-01 14:37 . 2009-10-01 14:37 -------- d-----w- c:\documents and settings\UserXP\Application Data\Foxit
2009-10-01 14:37 . 2009-10-01 14:37 -------- d-----w- c:\program files\Foxit Software
2009-09-30 17:54 . 2009-09-28 09:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-30 01:00 . 2009-09-29 01:56 -------- d-----w- c:\program files\LanSurfer
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\documents and settings\UserXP\Application Data\GRETECH
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\program files\GRETECH
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-28 19:30 . 2009-09-28 19:30 -------- d-----w- c:\documents and settings\UserXP\Application Data\Media Player Classic
2009-09-28 19:30 . 2009-09-28 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-28 19:29 . 2009-09-28 19:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-28 09:35 . 2009-09-28 09:35 -------- d-----w- c:\program files\VMware
2009-09-28 09:35 . 2009-09-28 09:35 -------- d-----w- c:\program files\Common Files\VMware
2009-09-28 09:29 . 2009-09-28 09:29 -------- d-----w- c:\program files\WIDCOMM
2009-09-28 09:26 . 2009-09-28 09:26 -------- d-----w- c:\program files\HP PCMCIA Smart Card Reader
2009-09-28 09:26 . 2009-09-28 09:26 -------- d-----w- c:\program files\SCM Microsystems driver
2009-09-28 09:22 . 2009-09-28 09:22 -------- d-----w- c:\program files\Intel
2009-09-28 09:20 . 2009-09-28 09:20 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-28 09:20 . 2009-09-28 09:20 -------- d-----w- c:\program files\Broadcom
2009-09-28 09:20 . 2009-09-28 09:20 -------- d-----w- c:\documents and settings\UserXP\Application Data\InstallShield
2009-09-28 09:14 . 2009-09-28 09:14 -------- d-----w- c:\program files\Analog Devices
2009-09-28 09:13 . 2009-09-28 09:13 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-28 09:05 . 2009-09-28 09:05 -------- d-----w- c:\program files\microsoft frontpage
2009-09-28 09:00 . 2009-09-28 09:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-10 12:54 . 2009-10-12 13:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-10-12 13:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-02 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]

c:\documents and settings\UserXP\Start Menu\Programs\Startup\
IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2009-10-2 159744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-20 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-10-4 42168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IPMsg\\ipmsg.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Xilinx91i\\bin\\nt\\_fpga_editor.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/29/2009 5:32 PM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/29/2009 5:35 PM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/29/2009 5:33 PM 735960]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/28/2009 2:56 PM 33024]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyServer = 192.168.10.14:808
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-15 09:25
ComboFix-quarantined-files.txt 2009-11-15 03:54
ComboFix2.txt 2009-11-14 16:34

Pre-Run: 17,896,464,384 bytes free
Post-Run: 17,866,579,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="USB Repair NOT to Start Microsoft Windows XP Professional" /noexecute=optin /fastdetect /debug = optin

- - End Of File - - 7C5DD6E5782A63930C9917AA931CC0CF

thanks
jolene :)

#30
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Thanks for that

I'll go through the log - back later