   trojan & worm problem, hjt log posted
jimmyfishcake
« on: Apr 22nd, 2008, 11:51pm »

hi, i did a scan with avg & found the following:
 
worm.vb.fi  
trojan.vb.aqt  
 
i put them in quarantine & haven't seen them since.
 
i also did a scan with trojanhunter & found the following:
 
Generic.LdPinch.A  
Riskware.PSKill.102
Trojandownloader.AutoIt.102
 
they haven't been back either.
 
the problem is i am no longer in control of my internet, i am currently on a laptop as I can't use the internet on my pc.
 
i have run the program lspfix & nothing has changed.
 
here is my hjt log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:30, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\PKR\pkrpal.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\nwiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PKR\pkrpal_update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Digital Microscope
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204245306612
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
--
End of file - 9650 bytes
 
i noticed when i transferred this log file to my laptop via sd card, the laptop came up with a warning that it detected a trojan.vb, i think it means it was on the sd card. (i deleted it) does this mean the trojan is sneaking around ?
 
 
any help would be appreciated.
 
jf
siliconman01
« Reply #1 on: Apr 23rd, 2008, 12:25am »

Welcome to the forum jimmyfishcake.
 
Nothing definitive is showing up in your HJT scan log.  Would you please try this:
 
Would you please download a copy of the latest free version of SuperAntiSpyware via your other computer and install it on the computer that is acting up.  
 
http://www.superantispyware.com/  
 
Hopefully it can connect to its update server and obtain the latest definitions and rules.  If it cannot, go to the manual download page (via your functioning computer) and download the core and trace definitions.  Then install them on the infected computer.  On the bottom of the manual update webpage, it explains how to manually install the definitions.  
 
http://www.superantispyware.com/definitions.html  
 
Then:  
 
1.  Reboot into SAFE MODE  
 
2.  Run a Full System scan using SuperAntiSpyware.  Let it fix what it finds.  
 
3.  Reboot back into Normal Mode.  
 
4.  In SuperAntispyware, go to Preferences> Repairs tab  
 
5.  Run the "Repair Broken Network Connection" tool.  
 
6.  Reboot and see if the Internet problem is corrected.    
 
7.  Post back here a copy of the SAS scan log  
 
8.  Post a new HJT log

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
jimmyfishcake
« Reply #2 on: Apr 24th, 2008, 4:09pm »

hi, thanks for your fast reply, unfortunately i have been unable to boot into safemode. i have tried over a hundred times using the f8 method & it's not working, what i get every time is a box with options on which drive i want to use to boot from. do i keep trying ?
i have also tried to access safemode using the msconfig method but nothing happens.
 
is there another way to reboot into safemode ?
 
siliconman01
« Reply #3 on: Apr 25th, 2008, 1:24am »

Quote:
is there another way to reboot into safemode ?  

 
Hmmm...not that I am aware of.  
 
Try doing the SuperAntispyware instructions in Normal Mode.  It should work okay.  
 
Here is some guidance on how to fix your SAFE MODE problem.
 
Run SFC /scannow.  You need your Windows installation CD for this
 
-  Put your Windows installation CD in the CD drive
 
-  Go to START>RUN and type in    sfc /scannow
(Note that there is a space before /scannow)
 
-  Click on Ok
 
-  SFC will replace any corrupt Windows files on your system which should fix the inability to get into SAFE MODE
 
-  After SFC completes, reboot and see if you can get into SAFE MODE.
 
OR  
 
Use the freebie BootSafe from SuperAdBlocker
 
http://www.superadblocker.com/bootsafe.html
 
OR
 
Here is a fixer that works-  Safe Mode Fixer
 
http://www.moonvalleysoft.com/product_info.php?products_id=29&osCsid=4119524bac435622a3f06de48b5477dd
 
« Last Edit: Apr 25th, 2008, 1:42am by siliconman01 »
jimmyfishcake
« Reply #4 on: Apr 25th, 2008, 1:20pm »

hi, i managed to reboot into safe mode using bootsafe.
 
i ran the "Repair Broken Network Connection" tool but it has not
fixed my connection problems.
 
i also have a black box appearing randomly on my screen now which says dl.exe.
 
the sas scan found nothing
 
hopefully things are better than they look to me.
 
here are the log files as requested:
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 04/26/2008 at 05:41 AM
 
Application Version : 4.0.1154
 
Core Rules Database Version : 3447
Trace Rules Database Version: 1439
 
Scan type  : Complete Scan
Total Scan Time : 00:25:41
 
Memory items scanned : 169
Memory threats detected   : 0
Registry items scanned    : 4230
Registry threats detected : 0
File items scanned   : 9546
File threats detected     : 0
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:14:48, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nwiz.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\PKR\pkrpal.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Digital Microscope
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204245306612
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
--
End of file - 9771 bytes
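
Added example, not part of the original thread or of any tool mentioned in it: a small Python comparison of the two HijackThis logs posted above, listing coded entries that disappeared between the scans, entries that point at a missing file, and processes running more instances than before. The embedded logs are constructed excerpts of the thread's own logs, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed input: lines copied from the two HijackThis logs in this thread
# (23/04/2008 and 26/04/2008), trimmed to a few entries each.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:30, on 23/04/2008
Running processes:
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
--
End of file - 9650 bytes
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:14:48, on 26/04/2008
Running processes:
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
--
End of file - 9771 bytes
"""

# A coded HijackThis entry looks like "O4 - <details>" or "R0 - <details>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            # Windows paths are case-insensitive, so normalise before counting.
            processes.append(line.lower())
        elif line.startswith("--"):
            break  # "--" precedes the "End of file" trailer
    return {"processes": processes, "entries": entries}


def diff_entries(before, after):
    """Return (removed, added) coded entries between two parsed logs."""
    b, a = set(before["entries"]), set(after["entries"])
    return sorted(b - a), sorted(a - b)


def instance_growth(before, after):
    """Processes whose instance count rose, as {path: (before, after)}."""
    b, a = Counter(before["processes"]), Counter(after["processes"])
    return {p: (b[p], a[p]) for p in sorted(a) if a[p] > b[p]}


def orphaned(log):
    """Entries whose target is missing; HijackThis prints '(no file)' for them."""
    return [(c, t) for c, t in log["entries"] if t.endswith("(no file)")]


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    removed, added = diff_entries(before, after)
    for code, text in removed:
        print(f"removed  {code:<3} {text}")
    for code, text in added:
        print(f"added    {code:<3} {text}")
    for code, text in orphaned(after):
        print(f"orphaned {code:<3} {text}")
    for path, (old, new) in instance_growth(before, after).items():
        print(f"process  {old} -> {new} instances: {path}")
```

The output is a list of changes for a human helper to review, not a verdict on whether any entry is malicious.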
 
 
siliconman01
« Reply #5 on: Apr 26th, 2008, 2:05am »

Would you clarify something, please.  Is it just IE7 that cannot reach websites?  Can your programs that have a LiveUpdate such as your security programs connect and download their updates?  I'm trying to determine if the internet socket is broken or it's just IE7.  
 
Your HJT log is not showing anything malicious.
 
But, the presence of dl.exe is not a good sign.  One version of this executable is a mass mailing worm.  Would you please:
 
1.  Download Dr. Web Cureit with your laptop and then put it on the desktop of the malfunctioning system.
 
http://www.freedrweb.com/
 
2.  Update the definitions of TrojanHunter.  If you need to do this manually, please go to the link below to obtain the latest updates.  
 
http://www.misec.net/trojanhunter/updating/
 
3.  Reboot into SAFE MODE.
 
4.  Run a full system scan with TrojanHunter.  Let it quarantine what it finds.
 
5.  Run a full system scan with Cureit.  Let it quarantine what it finds.  
 
6.  Reboot back into Normal Mode.
 
7.  Post back here the scan log from Dr. Web and TrojanHunter
 
8.  Also, is dl.exe still popping up after these two scanners have done their work?
« Last Edit: Apr 26th, 2008, 4:36am by siliconman01 »
jimmyfishcake
« Reply #6 on: Apr 27th, 2008, 1:58pm »

hi, no it's not just IE7, it's all programs that use internet.
 
sorry for slow reply, i have had a problem with the infected computer turning itself off whilst completing your instructions. i would be in the middle of a scan & it would switch off suddenly & without warning. this happened numerous times during the cureit scan until finally earlier this evening i was able to complete a scan.
 
hopefully we are getting somewhere now, the trojanhunter scan returned nothing however drweb has found over 1200 items.  
here are the 2 scan logs as per your last advice:
 
TrojanHunter Scan Report - Saved 2008-04-27 05:50
 
Error: Directory not found: C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Blacks_pack__Tuxn_pack\Blacks_pack_+Tuxn_pack\?? Huh Huh??
Error: Directory not found: C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Blacks_pack__Tuxn_pack\Blacks_pack_+Tuxn_pack\?? Huh Huh??
Error: Directory not found: C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Grey__Brushed__pack\Grey_(Brushed)_pack\Icons Inside_Huh??
Error: Directory not found: C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Grey__Brushed__pack\Grey_(Brushed)_pack\Icons Inside_Huh??
Error: Directory not found: C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Jaguar_pack\Jaguar_pack\Huh?? Huh??
Error: Directory not found: C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Jaguar_pack\Jaguar_pack\Huh?? Huh??
 
cureit scan log:
 
rapimgr.exe;c:\program files\microsoft activesync;Win32.Gael.3666;Cured.;
ctfmon.exe;g:\recycled;Trojan.Recycle;Deleted.;
FlashGot.exe;C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0m1z8r9.default;Win32.Gael.3666;Cured.;
BootSafe(2).exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
DriverDetective.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
HiJackThis.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
optioxp.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
PartyPokerSetup.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
Scarface.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
SETUP.EXE;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
SuperAdBlocker.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
TexasCalcSetup.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Gael.3666;Cured.;
NXSetup_Vista(x86).exe;C:\Documents and Settings\Administrator\Desktop\NXSetup_Vista(x86);Win32.Gael.3666;Cured.;
5.05.54.00_ntune_winxp_international.exe;C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts;Win32.Gael.3666;Cured.;
StreamPlug_installer.exe;C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts;Win32.Gael.3666;Cured.;
LSPFix.exe;C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts\LSPFIX;Win32.Gael.3666;Cured.;
Setup.exe;C:\Documents and Settings\Administrator\Desktop\USB2_link_and_network_drivers\Documents and Settings\SarJen Mobile\Desktop\USB2;Win32.Gael.3666;Cured.;
InstallUI.exe;C:\Documents and Settings\Administrator\Desktop\USB2_link_and_network_drivers\Documents and Settings\SarJen Mobile\Desktop\USB2;Win32.Gael.3666;Cured.;
SNETCFG.EXE;C:\Documents and Settings\Administrator\Desktop\USB2_link_and_network_drivers\Documents and Settings\SarJen Mobile\Desktop\USB2;Win32.Gael.3666;Cured.;
SuperLink.exe;C:\Documents and Settings\Administrator\Desktop\USB2_link_and_network_drivers\Documents and Settings\SarJen Mobile\Desktop\USB2;Win32.Gael.3666;Cured.;
Superlink.exe;C:\Documents and Settings\Administrator\Desktop\USB2_link_and_network_drivers\Documents and Settings\SarJen Mobile\Desktop\USB2;Win32.Gael.3666;Cured.;
BridgeSwitch.exe;C:\Documents and Settings\Administrator\Desktop\USB2_link_and_network_drivers\Documents and Settings\SarJen Mobile\Desktop\USB2;Win32.Gael.3666;Cured.;
SAUPDATE.EXE;C:\Documents and Settings\Administrator\Local Settings\Temp;Win32.Gael.3666;Cured.;
SSUPDATE.EXE;C:\Documents and Settings\Administrator\Local Settings\Temp;Win32.Gael.3666;Cured.;
InstallUI.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\install temp;Win32.Gael.3666;Cured.;
install.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\IS1A8.tmp;Win32.Gael.3666;Cured.;
setup.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0;Win32.Gael.3666;Cured.;
_start.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0;Win32.Gael.3666;Cured.;
setup.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1;Win32.Gael.3666;Cured.;
_start.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1;Win32.Gael.3666;Cured.;
setup.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX2;Win32.Gael.3666;Cured.;
_start.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX2;Win32.Gael.3666;Cured.;
setup.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX3;Win32.Gael.3666;Cured.;
_start.exe;C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX3;Win32.Gael.3666;Cured.;
SETUP.EXE;C:\Documents and Settings\Administrator\Local Settings\Temp\_PegEx~1;Win32.Gael.3666;Cured.;
Firefox Setup 2.0.0.12.exe;C:\Documents and Settings\Administrator\My Documents;Win32.Gael.3666;Cured.;
AA283FullInstaller.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer;Win32.Gael.3666;Cured.;
AdbeRdr812_en_US.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer;Win32.Gael.3666;Cured.;
klmcodec380.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer;Win32.Gael.3666;Cured.;
SagaInstaller.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer;Win32.Gael.3666;Cured.;
FullTiltPokerSetup.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer\High Stakes Poker S03E13 Final ep XviD plus fulltilt bot\Free Poke;Win32.Gael.3666;Cured.;
HoldemIndicatorProSetup.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer\High Stakes Poker S03E13 Final ep XviD plus fulltilt bot\Free Poke;Win32.Gael.3666;Cured.;
AveIcon.exe;C:\Documents and Settings\Administrator\My Documents\NetXfer\icons\Skull_Icons\Skull_Icons\aveicon (PNG 2 Ico converter);Win32.Gael.3666;Cured.;
RegUBP2b-Administrator.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
CarbonPokerInstaller.exe;C:\Program Files;Win32.Gael.3666;Cured.;
FullcakeSetup.1.0.94.exe;C:\Program Files;Win32.Gael.3666;Cured.;
7z.exe;C:\Program Files\7-Zip;Win32.Gael.3666;Cured.;
7zFM.exe;C:\Program Files\7-Zip;Win32.Gael.3666;Cured.;
7zG.exe;C:\Program Files\7-Zip;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\7-Zip;Win32.Gael.3666;Cured.;
a2cmd.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
a2guard.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
a2HiJackFree.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
a2scan.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
a2start.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
a2upd.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
a2wizard.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\a-squared Anti-Malware;Win32.Gael.3666;Cured.;
AcroRd32.exe;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Gael.3666;Cured.;
AcroRd32Info.exe;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Gael.3666;Cured.;
AdobeCollabSync.exe;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Gael.3666;Cured.;
AdobeUpdateCheck.exe;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Gael.3666;Cured.;
PDFPrevHndlrShim.exe;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Gael.3666;Cured.;
Setup.exe;C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81200000003};Win32.Gael.3666;Cured.;
PnkBstrB.exe;C:\Program Files\America's Army\System\pb;Win32.Gael.3666;Cured.;
DeepBurner.exe;C:\Program Files\Astonsoft\DeepBurner;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\Astonsoft\DeepBurner;Win32.Gael.3666;Cured.;
cdrun.exe;C:\Program Files\Astonsoft\DeepBurner\Autorun;Win32.Gael.3666;Cured.;
spywarescanner.exe;C:\Program Files\Bazooka Scanner;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\Bazooka Scanner;Win32.Gael.3666;Cured.;
cake.exe;C:\Program Files\Cake Poker;Win32.Gael.3666;Cured.;
uninstall.exe;C:\Program Files\Cake Poker;Win32.Gael.3666;Cured.;
CCleaner.exe;C:\Program Files\CCleaner;Win32.Gael.3666;Cured.;
uninst.exe;C:\Program Files\CCleaner;Win32.Gael.3666;Cured.;
SP.exe;C:\Program Files\Cedelia\StreamPlug;Win32.Gael.3666;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Gael.3666;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Gael.3666;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Gael.3666;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32;Win32.Gael.3666;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32;Win32.Gael.3666;Cured.;
DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32;Win32.Gael.3666;Cured.;
jimmyfishcake
Re: trojan & worm problem, hjt log posted
« Reply #7 on: Apr 27th, 2008, 2:01pm »

cureit scan log contd.
 
agent.exe;C:\Program Files\Common Files\InstallShield\UpdateService;Win32.Gael.3666;Cured.;
launcher.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05;Win32.Gael.3666;Cured.;
patchjre.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05;Win32.Gael.3666;Cured.;
zipper.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05;Win32.Gael.3666;Cured.;
launcher.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Gael.3666;Cured.;
patchjre.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Gael.3666;Cured.;
zipper.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Gael.3666;Cured.;
FltrInst.exe;C:\Program Files\Common Files\LogiShrd\KAudP;Win32.Gael.3666;Cured.;
COCIManager.exe;C:\Program Files\Common Files\LogiShrd\LQCVFX;Win32.Gael.3666;Cured.;
HWRendererTest.exe;C:\Program Files\Common Files\LogiShrd\LQCVFX;Win32.Gael.3666;Cured.;
ModelFileHandler.exe;C:\Program Files\Common Files\LogiShrd\LQCVFX;Win32.Gael.3666;Cured.;
VideoEffectsPerfMon.exe;C:\Program Files\Common Files\LogiShrd\LQCVFX;Win32.Gael.3666;Cured.;
fltrinst.exe;C:\Program Files\Common Files\LogiShrd\LVMVFM;Win32.Gael.3666;Cured.;
UMVPLChainUpdater.exe;C:\Program Files\Common Files\LogiShrd\LVMVFM;Win32.Gael.3666;Cured.;
fltrinst.exe;C:\Program Files\Common Files\LogiShrd\MV;Win32.Gael.3666;Cured.;
DW20.EXE;C:\Program Files\Common Files\Microsoft Shared\DW;Win32.Gael.3666;Cured.;
DWTRIG20.EXE;C:\Program Files\Common Files\Microsoft Shared\DW;Win32.Gael.3666;Cured.;
InkForm.exe;C:\Program Files\Common Files\Microsoft Shared\NoteSync Forms;Win32.Gael.3666;Cured.;
VoiceFrm.exe;C:\Program Files\Common Files\Microsoft Shared\NoteSync Forms;Win32.Gael.3666;Cured.;
sapisvr.exe;C:\Program Files\Common Files\Microsoft Shared\Speech;Win32.Gael.3666;Cured.;
CTAudSeu.exe;C:\Program Files\Creative\Audio Device Selection Unicode;Win32.Gael.3666;Cured.;
InetReg.exe;C:\Program Files\Creative\Product Registration\English;Win32.Gael.3666;Cured.;
RegFlash.exe;C:\Program Files\Creative\Product Registration\English;Win32.Gael.3666;Cured.;
CTRegSvr.exe;C:\Program Files\Creative\Shared Files;Win32.Gael.3666;Cured.;
CTRegSvu.exe;C:\Program Files\Creative\Shared Files;Win32.Gael.3666;Cured.;
CTSched.exe;C:\Program Files\Creative\Shared Files;Win32.Gael.3666;Cured.;
AutoUpdate.exe;C:\Program Files\Creative\Shared Files\Software Update;Win32.Gael.3666;Cured.;
CTSURun.exe;C:\Program Files\Creative\Shared Files\Software Update;Win32.Gael.3666;Cured.;
NotiMan.exe;C:\Program Files\Creative\ShareDLL\CADI;Win32.Gael.3666;Cured.;
XFXA_PCDRV_LB_1_04_0078.exe;C:\Program Files\Creative\Software Update\cache\Creative Sound Blaster X-Fi Xtreme Audio Pack 1.04.0078__;Win32.Gael.3666;Cured.;
CTAudCS.exe;C:\Program Files\Creative\Sound Blaster X-Fi\AudioCS;Win32.Gael.3666;Cured.;
ConsoLCu.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher;Win32.Gael.3666;Cured.;
CTAPR2.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher;Win32.Gael.3666;Cured.;
CTRegSvu.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher;Win32.Gael.3666;Cured.;
MdSwtchu.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher;Win32.Gael.3666;Cured.;
diagnos3.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Diagnostics;Win32.Gael.3666;Cured.;
GetPDVD.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Get PowerDVD;Win32.Gael.3666;Cured.;
PDVDupg.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Get PowerDVD;Win32.Gael.3666;Cured.;
Setup.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Program;Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Program\support\amd64;Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Program\support\i386;Win32.Gael.3666;Cured.;
OALInst.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Program\wdm\AddOn;Win32.Gael.3666;Cured.;
resdef.exe;C:\Program Files\Creative\Sound Blaster X-Fi\Program\wdm\Common;Win32.Gael.3666;Cured.;
sfbm.exe;C:\Program Files\Creative\Sound Blaster X-Fi\SFBM;Win32.Gael.3666;Cured.;
CTSI.exe;C:\Program Files\Creative\Support\System Information;Win32.Gael.3666;Cured.;
GsiInst.exe;C:\Program Files\D-Link\DSL-200;Win32.Gael.3666;Cured.;
uninstall.exe;C:\Program Files\D-Link\DSL-200;Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\demoxi\identity\0.8.1.694;Win32.Gael.3666;Cured.;
DivXBundleUninstall.exe;C:\Program Files\DivX;Win32.Gael.3666;Cured.;
DivXContentUploaderUninstall.exe;C:\Program Files\DivX;Win32.Gael.3666;Cured.;
DivXConverterUninstall.exe;C:\Program Files\DivX;Win32.Gael.3666;Cured.;
DivXPlayerUninstall.exe;C:\Program Files\DivX;Win32.Gael.3666;Cured.;
DivXWebPlayerUninstall.exe;C:\Program Files\DivX;Win32.Gael.3666;Cured.;
Converter.exe;C:\Program Files\DivX\DivX Converter;Win32.Gael.3666;Cured.;
DivX Player.exe;C:\Program Files\DivX\DivX Player;Win32.Gael.3666;Cured.;
freefixer.exe;C:\Program Files\FreeFixer;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\FreeFixer;Win32.Gael.3666;Cured.;
ffnd.exe;C:\Program Files\FreeFixer\tools\ffnd;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\Grisoft\AVG Anti-Spyware 7.5;Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8};Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16};Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7};Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\InstallShield Installation Information\{822A8730-86A7-4CAA-BDE1-7337169BFF2B};Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C};Win32.Gael.3666;Cured.;
iedw.exe;C:\Program Files\Internet Explorer;Win32.Gael.3666;Cured.;
iexplore.exe;C:\Program Files\Internet Explorer;Win32.Gael.3666;Cured.;
iv_uninstall.exe;C:\Program Files\IrfanView;Win32.Gael.3666;Cured.;
i_view32.exe;C:\Program Files\IrfanView;Win32.Gael.3666;Cured.;
Slideshow.exe;C:\Program Files\IrfanView\Plugins;Win32.Gael.3666;Cured.;
java-rmi.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
java.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
javacpl.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
javaw.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
javaws.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
jucheck.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
jureg.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
jusched.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
keytool.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
kinit.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
klist.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
ktab.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
orbd.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
pack200.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
policytool.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
rmid.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
rmiregistry.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
servertool.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
tnameserv.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
unpack200.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Gael.3666;Cured.;
java-rmi.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
java.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
javacpl.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
javaw.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
javaws.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
jucheck.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
jureg.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
keytool.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
kinit.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
klist.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
ktab.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
orbd.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
pack200.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
policytool.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
rmid.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
rmiregistry.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
servertool.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
tnameserv.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
unpack200.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\K-Lite Codec Pack;Win32.Gael.3666;Cured.;
ac3config.exe;C:\Program Files\K-Lite Codec Pack\Filters;Win32.Gael.3666;Cured.;
divxconfig.exe;C:\Program Files\K-Lite Codec Pack\Filters;Win32.Gael.3666;Cured.;
DivXsm.exe;C:\Program Files\K-Lite Codec Pack\Filters;Win32.Gael.3666;Cured.;
gdsmux.exe;C:\Program Files\K-Lite Codec Pack\Filters\Haali;Win32.Gael.3666;Cured.;
mplayerc.exe;C:\Program Files\K-Lite Codec Pack\Media Player Classic;Win32.Gael.3666;Cured.;
mpclauncher.exe;C:\Program Files\K-Lite Codec Pack\Real;Win32.Gael.3666;Cured.;
settings.exe;C:\Program Files\K-Lite Codec Pack\Real;Win32.Gael.3666;Cured.;
upgrdhlp.exe;C:\Program Files\K-Lite Codec Pack\Real\Update_OB;Win32.Gael.3666;Cured.;
CodecTweakTool.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Gael.3666;Cured.;
graphedit.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Gael.3666;Cured.;
mediainforaw.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Gael.3666;Cured.;
StatsReader.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Gael.3666;Cured.;
VobSubStrip.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Gael.3666;Cured.;
gspot.exe;C:\Program Files\K-Lite Codec Pack\Tools\gspot;Win32.Gael.3666;Cured.;
ATWizard.exe;C:\Program Files\Logitech\QuickCam;Win32.Gael.3666;Cured.;
CHelper.exe;C:\Program Files\Logitech\QuickCam;Win32.Gael.3666;Cured.;
LogiMailApp.exe;C:\Program Files\Logitech\QuickCam;Win32.Gael.3666;Cured.;
LogitechUpdate.exe;C:\Program Files\Logitech\QuickCam\LU;Win32.Gael.3666;Cured.;
LogitechUpdate2.exe;C:\Program Files\Logitech\QuickCam\LU;Win32.Gael.3666;Cured.;
LULnchr.exe;C:\Program Files\Logitech\QuickCam\LU;Win32.Gael.3666;Cured.;
astu.exe;C:\Program Files\Microsoft ActiveSync;Win32.Gael.3666;Cured.;
CEAPPMGR.EXE;C:\Program Files\Microsoft ActiveSync;Win32.Gael.3666;Cured.;
dbexport.exe;C:\Program Files\Microsoft ActiveSync;Win32.Gael.3666;Cured.;
FormInst.exe;C:\Program Files\Microsoft ActiveSync;Win32.Gael.3666;Cured.;
WCESMgr.exe;C:\Program Files\Microsoft ActiveSync;Win32.Gael.3666;Cured.;
WMP10_Update.exe;C:\Program Files\Microsoft ActiveSync;Win32.Gael.3666;Cured.;
firefox.exe;C:\Program Files\Mozilla Firefox;Win32.Gael.3666;Cured.;
updater.exe;C:\Program Files\Mozilla Firefox;Win32.Gael.3666;Cured.;
xpicleanup.exe;C:\Program Files\Mozilla Firefox;Win32.Gael.3666;Cured.;
helper.exe;C:\Program Files\Mozilla Firefox\uninstall;Win32.Gael.3666;Cured.;
livecall.exe;C:\Program Files\MSN Messenger;Win32.Gael.3666;Cured.;
msnmsgr.exe;C:\Program Files\MSN Messenger;Win32.Gael.3666;Cured.;
msvs.exe;C:\Program Files\MSN Messenger;Win32.Gael.3666;Cured.;
dpinst.exe;C:\Program Files\MSN Messenger\Device Manager;Win32.Gael.3666;Cured.;
dpinst64.exe;C:\Program Files\MSN Messenger\Device Manager;Win32.Gael.3666;Cured.;
msgrdvmn.exe;C:\Program Files\MSN Messenger\Device Manager;Win32.Gael.3666;Cured.;
cb32.exe;C:\Program Files\NetMeeting;Win32.Gael.3666;Cured.;
conf.exe;C:\Program Files\NetMeeting;Win32.Gael.3666;Cured.;
wb32.exe;C:\Program Files\NetMeeting;Win32.Gael.3666;Cured.;
jimmyfishcake
Re: trojan & worm problem, hjt log posted
« Reply #8 on: Apr 27th, 2008, 2:03pm »

cureit scan log contd
 
NVMonitor.exe;C:\Program Files\NVIDIA Corporation\nTune;Win32.Gael.3666;Cured.;
setup.exe;C:\Program Files\NVIDIA nTune Performance Application;Win32.Gael.3666;Cured.;
nvCplUI.exe;C:\Program Files\NVIDIA nTune Performance Application\Win64;Win32.Gael.3666;Cured.;
msimn.exe;C:\Program Files\Outlook Express;Win32.Gael.3666;Cured.;
oemig50.exe;C:\Program Files\Outlook Express;Win32.Gael.3666;Cured.;
wab.exe;C:\Program Files\Outlook Express;Win32.Gael.3666;Cured.;
wabmig.exe;C:\Program Files\Outlook Express;Win32.Gael.3666;Cured.;
Miro.exe;C:\Program Files\Participatory Culture Foundation\Miro;Win32.Gael.3666;Cured.;
Miro_MovieData.exe;C:\Program Files\Participatory Culture Foundation\Miro;Win32.Gael.3666;Cured.;
uninstall.exe;C:\Program Files\Participatory Culture Foundation\Miro;Win32.Gael.3666;Cured.;
convert.exe;C:\Program Files\Participatory Culture Foundation\Miro\imagemagick;Win32.Gael.3666;Cured.;
crashreporter.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
mangle.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
Miro.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
regxpcom.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
shlibsign.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
updater.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
xpcshell.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
xpicleanup.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
xpidl.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
xpt_dump.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
xpt_link.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner;Win32.Gael.3666;Cured.;
Miro_Downloader.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python;Win32.Gael.3666;Cured.;
w9xpopen.exe;C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python;Win32.Gael.3666;Cured.;
PartyGaming.exe;C:\Program Files\PartyGaming;Win32.Gael.3666;Cured.;
RunApp.exe;C:\Program Files\PartyGaming\PartyPoker;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\PartyGaming\PartyPoker;Win32.Gael.3666;Cured.;
DriversHQ.DriverDetective.Client.exe;C:\Program Files\PC Drivers HeadQuarters\Driver Detective;Win32.Gael.3666;Cured.;
DriversHQ.DriverDetective.Client.Updater.exe;C:\Program Files\PC Drivers HeadQuarters\Driver Detective;Win32.Gael.3666;Cured.;
crashreport.exe;C:\Program Files\PKR;Win32.Gael.3666;Cured.;
pkr-update.exe;C:\Program Files\PKR;Win32.Gael.3666;Cured.;
pkr.exe;C:\Program Files\PKR;Win32.Gael.3666;Cured.;
pkrpal_update.exe;C:\Program Files\PKR;Win32.Gael.3666;Cured.;
pokerapp.exe;C:\Program Files\PKR;Win32.Gael.3666;Cured.;
uninstall-pkr.exe;C:\Program Files\PKR;Win32.Gael.3666;Cured.;
blindman.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
SDDelFile.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
SDMain.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
SDShred.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
SDWinSec.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
Update.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Gael.3666;Cured.;
BOOTSAFE.EXE;C:\Program Files\SUPERAntiSpyware;Win32.Gael.3666;Cured.;
SASINST.EXE;C:\Program Files\SUPERAntiSpyware;Win32.Gael.3666;Cured.;
SSUpdate.exe;C:\Program Files\SUPERAntiSpyware;Win32.Gael.3666;Cured.;
TexasCalc.exe;C:\Program Files\TexasCalculatem;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\TexasCalculatem;Win32.Gael.3666;Cured.;
InstallLicense.exe;C:\Program Files\TrojanHunter 5.0;Win32.Gael.3666;Cured.;
thcl.exe;C:\Program Files\TrojanHunter 5.0;Win32.Gael.3666;Cured.;
TrojanHunter.exe;C:\Program Files\TrojanHunter 5.0;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\TrojanHunter 5.0;Win32.Gael.3666;Cured.;
SubmitFiles.exe;C:\Program Files\TrojanHunter 5.0\SubmitFiles;Win32.Gael.3666;Cured.;
AutostartExplorer.exe;C:\Program Files\TrojanHunter 5.0\Tools\Autostart Explorer;Win32.Gael.3666;Cured.;
LiveUpdate.exe;C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate;Win32.Gael.3666;Cured.;
MemString.exe;C:\Program Files\TrojanHunter 5.0\Tools\MemString;Win32.Gael.3666;Cured.;
NetstatViewer.exe;C:\Program Files\TrojanHunter 5.0\Tools\Netstat Viewer;Win32.Gael.3666;Cured.;
ProcessViewer.exe;C:\Program Files\TrojanHunter 5.0\Tools\Process Viewer;Win32.Gael.3666;Cured.;
WindowList.exe;C:\Program Files\TrojanHunter 5.0\Tools\Window List;Win32.Gael.3666;Cured.;
uTorrent.exe;C:\Program Files\uTorrent;Win32.Gael.3666;Cured.;
uninstall.exe;C:\Program Files\VideoLAN\VLC;Win32.Gael.3666;Cured.;
vlc.exe;C:\Program Files\VideoLAN\VLC;Win32.Gael.3666;Cured.;
Setup.exe;C:\Program Files\VirtualNetwork;Win32.Gael.3666;Cured.;
InstallUI.exe;C:\Program Files\VirtualNetwork\Share;Win32.Gael.3666;Cured.;
SuperLink.exe;C:\Program Files\VirtualNetwork\SuperLink;Win32.Gael.3666;Cured.;
BridgeSwitch.exe;C:\Program Files\VirtualNetwork\VirtualNetwork;Win32.Gael.3666;Cured.;
UninstWA.exe;C:\Program Files\Winamp;Win32.Gael.3666;Cured.;
winamp.exe;C:\Program Files\Winamp;Win32.Gael.3666;Cured.;
wmccds.exe;C:\Program Files\Windows Media Connect 2;Win32.Gael.3666;Cured.;
wmccfg.exe;C:\Program Files\Windows Media Connect 2;Win32.Gael.3666;Cured.;
migrate.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
mplayer2.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
setup_wm.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmdbexport.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmlaunch.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmpenc.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmplayer.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmpnscfg.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmpshare.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
wmsetsdk.exe;C:\Program Files\Windows Media Player;Win32.Gael.3666;Cured.;
dialer.exe;C:\Program Files\Windows NT;Win32.Gael.3666;Cured.;
hypertrm.exe;C:\Program Files\Windows NT;Win32.Gael.3666;Cured.;
wordpad.exe;C:\Program Files\Windows NT\Accessories;Win32.Gael.3666;Cured.;
Rar.exe;C:\Program Files\WinRAR;Win32.Gael.3666;Cured.;
RarExtLoader.exe;C:\Program Files\WinRAR;Win32.Gael.3666;Cured.;
Uninstall.exe;C:\Program Files\WinRAR;Win32.Gael.3666;Cured.;
UnRAR.exe;C:\Program Files\WinRAR;Win32.Gael.3666;Cured.;
WinRAR.exe;C:\Program Files\WinRAR;Win32.Gael.3666;Cured.;
DelKeys.exe;C:\Program Files\Xi\NetXfer;Win32.Gael.3666;Cured.;
NetTransport.exe;C:\Program Files\Xi\NetXfer;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\Xi\NetXfer;Win32.Gael.3666;Cured.;
7za.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
add_path.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
cz2stub.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
msend.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
ncz2stub.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
profcheck.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
s_setup.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
unins000.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
zg.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
zgsetupfileass.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
zipgenius.exe;C:\Program Files\ZipGenius 6;Win32.Gael.3666;Cured.;
A0026639.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP73;Win32.Ga el.3666;Cured.;
A0026651.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP73;Win32.Ga el.3666;Cured.;
A0026652.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP73;Win32.Ga el.3666;Cured.;
A0026656.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP73;Win32.Ga el.3666;Cured.;
A0031274.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031275.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031276.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031277.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031278.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031279.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031280.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031281.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031282.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031283.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031284.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031285.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031286.EXE;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031287.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031288.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031289.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031290.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031291.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031292.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031293.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031294.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031295.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031296.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031297.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031298.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031299.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031300.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031301.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031302.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031303.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031304.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031305.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031306.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031307.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031308.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031309.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031310.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031311.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031312.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031313.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031314.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031315.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031316.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031317.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031318.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031319.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031320.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031321.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031322.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031323.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
A0031324.exe;C:\System Volume Information\_restore{35EA3F85-1E48-4513-8805-DC971620ECF4}\RP77;Win32.Ga el.3666;Cured.;
jimmyfishcake
Re: trojan & worm problem, hjt log posted
« Reply #9 on: Apr 27th, 2008, 2:05pm »

cureit scan log contd
 
jimmyfishcake
Re: trojan & worm problem, hjt log posted
« Reply #10 on: Apr 27th, 2008, 2:09pm »

cureit scan log contd
 