-
Virus W32 Virut CF
This is what I get when I start up:
globalroot\systemroot\system32\kbiwkmcfneqdri.dll
For every click on any application it comes up, right from logging in to my PC.
And then Norton says:
AUTO-PROTECT detect security risk W32.Virut.CF.
And does nothing. What should I do?
Please Help.
-
Hello.
While executing the script you'd better disconnect your internet connection and disable antivirus protection.
Execute the script: [code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SetServiceStart('WinVd32', 4);
SetServiceStart('WinFLdrv', 4);
StopService('WinVd32');
StopService('WinFLdrv');
QuarantineFile('C:\Users\AMAN\AppData\Local\Temp\H.exe','');
QuarantineFile('C:\Windows\system32\WinVd32.sys','');
QuarantineFile('C:\Windows\system32\WinFLdrv.sys','');
DeleteFile('C:\Windows\system32\WinFLdrv.sys');
BC_DeleteFile('C:\Windows\system32\WinFLdrv.sys');
DeleteFile('C:\Windows\system32\WinVd32.sys');
BC_DeleteFile('C:\Windows\system32\WinVd32.sys');
DeleteFile('C:\Users\AMAN\AppData\Local\Temp\H.exe');
BC_DeleteFile('C:\Users\AMAN\AppData\Local\Temp\H.exe');
DeleteService('WinVd32');
DeleteService('WinFLdrv');
DeleteService('H');
BC_DeleteSvc('WinVd32');
BC_DeleteSvc('WinFLdrv');
BC_DeleteSvc('H');
BC_ImportquarantineList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.[/code] After restart, upload quarantine via the link [url]http://virusinfo.info/upload_virus_eng.php?tid=54984[/url] and make new logs.
You'd better make all the 3 logs as it's described in the [url=http://virusinfo.info/showthread.php?t=9184]rules of "Help me!" section[/url]
-
Scans
I have done as said
Three Files
Sorry, I am new and learning the rules of the forum
-
I have also uploaded the quarantine files
-
The logs you've made are not quite the logs I expected to see. Anyway, it seems that at least a part of the malware has been removed.
Please, make also [url=http://virusinfo.info/showthread.php?t=51878]this log[/url] and attach it to your post here.
-
Scanning
-
BACKDOOR TISDERV
Thanks for the help till now.
I have attached the log.
Just now I saw my Norton detected a new thing.
It says:
AUTO-PROTECT detect security risk BACKDOOR TISDERV
And did nothing.
Thanks
I see the virus in my registry. How do you delete it from there?
As you are the expert you must be knowing; I was just trying.
Will be waiting for the reply.
Thanks once again
It's been 12 days, still struggling to remove it
-
Hello and sorry for the delay.
First of all, you should copy text in the frame below and save it as the gmer.bat file in the folder where gmer anti-rootkit (file ddsk3ngu.exe) has been saved.
[code]ddsk3ngu.exe -del service kbiwkmispmtixr
ddsk3ngu.exe -del file "C:\Windows\System32\drivers\kbiwkmqvjasdld.sys"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmxqrbylxk.dll"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmyqsxlupx.dat"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmvpbcxlev.dll"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmqedetqqn.dat"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmcfneqdri.dll"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmivpiiphaue.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmiwwkoscbxv.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmixtreoluxm.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmjwcaufdoyd.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmkfqfrbaqsp.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmknbtohjqxh.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmkroegcvgif.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmliftdjirpv.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmmtfhcnbpko.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmnbpxuvmtug.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmnlixkqdwxi.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmnspqytapke.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmohtofawqlo.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpbbyiicpnv.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpbfvystmqm.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpeqkmpxscp.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmphiirwifrt.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpiplweqcpc.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmptjnkrphqo.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqefyudqqhw.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqixttnsbym.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqjjkfnoykm.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqlmqxtwssw.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqvqmctixny.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmrljvmeoawu.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmrntuuhqail.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmawtmvdnvcn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbjftwdtmxn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbofyrxnpkw.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbrgefcivpp.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbrihdtpvvp.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmscelwscikw.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmsetyjeeiee.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmsewkpvddpb.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmtcysirrdic.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmtdmaplvrfb.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmthmmkqyfgy.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmtocmghtwsl.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmufpvbtqnpb.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmulevjxtpox.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmvufyekxwme.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmwlcysmaisa.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmwsghprveic.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmwxcihvnlcv.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxgbnipiuxu.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxgipkearrr.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmdveirwyqpq.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmeafjbnphir.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmegnrktexsy.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmeruhduifdx.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmerxmowbpxb.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmesanmhqvio.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmexmufliifu.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfciqtfcxsk.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmffjapagfti.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfkphnveujn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfotxpplljp.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfpoichqjgj.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfsjeiuqbrs.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfyigrwuvtn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmgjfgophtoa.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmgwryufbdib.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmhcdtccbees.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmicfoigftjf.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmidqudrddxp.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmiexmsbwqpn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmifuwdeeous.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmiuiumupgyn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbtttnorpxq.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmivittyayro.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmrspwivsxis.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxilpktdrfb.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxoaevrmcwn.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxxakqymbfv.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyijbviinpl.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyngijposkc.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyuvpcmuedx.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyvlsqotryc.tmp"
ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmywcpntxpco.tmp"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmispmtixr"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\kbiwkmispmtixr"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\kbiwkmispmtixr"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\kbiwkmispmtixr"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet005\Services\kbiwkmispmtixr"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet006\Services\kbiwkmispmtixr"
ddsk3ngu.exe -reboot[/code]
After that, run gmer.bat and, after reboot, make new logs.
[b]Attention[/b]: you should make 2 logs of AVZ tool, as it's described in the rules.
The first log: run AVZ - upper menu "File" - "Standard scripts" - mark position 3 - press the "Execute selected scripts" button. [b]Do not try to close the window and/or interrupt AVZ's work until you see the "Scripts executed" message[/b]. When the message appears, press "OK", press "Exit", close AVZ and restart your system. After restart, do all the same, but mark position 2 in the "Standard scripts" window. Results will be saved in the "Log" folder as .zip archives: virusinfo_syscure.zip and virusinfo_syscheck.zip. You should attach them to your post here, as well as new logs of GMER and HijackThis.
-
Attachments: 3
Scanned Files
Done as said.
Thanks for helping till now.
Feeling good to see my laptop reviving.
But Norton is still detecting viruses,
like:
Backdoor Tidserv
Trojan Horse
One last log remaining, under process; will post shortly
-
Every time there is something new in your logs.
OK. Run AVZ - you'd better right-click on AVZ.exe and choose the "Run as" option in the context menu - and [url=http://virusinfo.info/showthread.php?t=9207]Execute the script[/url]: [code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SetServiceStart('SysProtDrv.sys', 4);
QuarantineFile('C:\Windows\System32\kbiwkmxgvovppt.dll','');
QuarantineFile('C:\Windows\System32\kbiwkmvdwpopfq.dll','');
QuarantineFile('C:\Windows\DOWNLO~1\SysInfo.dll','');
QuarantineFile('C:\Users\AMAN\Desktop\SysProtDrv.sys','');
QuarantineFile('\\?\globalroot\systemroot\system32\kbiwkmvdwpopfq.dll','');
DeleteFile('C:\Users\AMAN\Desktop\SysProtDrv.sys');
BC_DeleteFile('C:\Users\AMAN\Desktop\SysProtDrv.sys');
DeleteFile('C:\Windows\System32\kbiwkmxgvovppt.dll');
DeleteFile('C:\Windows\System32\kbiwkmvdwpopfq.dll');
BC_DeleteFile('C:\Windows\System32\kbiwkmxgvovppt.dll');
BC_DeleteFile('C:\Windows\System32\kbiwkmvdwpopfq.dll');
Deletefile('C:\Windows\System32\drivers\kbiwkmqvjasdld.sys');
Deletefile('C:\Windows\System32\kbiwkmxqrbylxk.dll');
Deletefile('C:\Windows\System32\kbiwkmyqsxlupx.dat');
Deletefile('C:\Windows\System32\kbiwkmvpbcxlev.dll');
Deletefile('C:\Windows\System32\kbiwkmqedetqqn.dat');
Deletefile('C:\Windows\System32\kbiwkmcfneqdri.dll');
BC_Deletefile('C:\Windows\System32\drivers\kbiwkmqvjasdld.sys');
BC_Deletefile('C:\Windows\System32\kbiwkmxqrbylxk.dll');
BC_Deletefile('C:\Windows\System32\kbiwkmyqsxlupx.dat');
BC_Deletefile('C:\Windows\System32\kbiwkmvpbcxlev.dll');
BC_Deletefile('C:\Windows\System32\kbiwkmqedetqqn.dat');
BC_Deletefile('C:\Windows\System32\kbiwkmcfneqdri.dll');
DeleteService('SysProtDrv.sys');
DeleteService('kbiwkmispmtixr');
BC_DeleteSvc('SysProtDrv.sys');
BC_DeleteSvc('kbiwkmispmtixr');
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.[/code] After restart, upload quarantine and make new logs. You should also make a new log with GMER
-
GMER
Thanks:-
I will do that and run the scan.
What could be the reason for new things in the logs?
For GMER I was scanning.
It takes a long time to scan so I was waiting for it to complete.
Now I am stopping it in between and am going to run the script and start the GMER and other scans again
-
All Logs
What's the status?
Is the infection still in there?
How will I know that my laptop is healthy again?
And why are there new things coming in my logs, as said by you?
These are all just for my knowledge as I am learning.
Thanks
-
There are still traces in the log, though I hope that the malware itself has been removed. Please, execute the script: [code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SysCleanAddFile('C:\Users\AMAN\AppData\Local\Temp\kxldrpog.sys');
ExecuteSysClean;
RebootWindows(true);
end.[/code] After restart, please, make again this log: [quote]start AVZ*. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.[/quote] and [URL="http://virusinfo.info/showthread.php?t=51878"]GMER antirootkit's log[/URL]. Attach virusinfo_syscheck.zip and gmer.log to your post here. Making these two logs will not take a lot of your time, but we will be able to see if this malware has definitely been removed.
Your antivirus, does it still detect anything, or has detection stopped?
-
Last Few Scans I Believe
Thanks
I have executed the script.
Running the scans now.
For the last 2 days Norton 360 v3 has not detected any viruses or risks.
Thanks, nice.
Will get back ASAP
-
Logs
GMER log is under way, thanks
-
GMER LOG
Here is the last one.
Two with you.
I hope these are the final reports
And waiting for a healthy pc back
-
I can see nothing harmful in your logs. I think that the malware has been removed.
-
THANKS
Thanks
Now can I resume my normal work?
As in logging in to bank accounts etc., personal, important, sensitive.
Should I uninstall all software I installed for virus removal
and maintain with my Norton 360 V3?
One more suggestion:
What's the best antivirus removal software in the market to buy?
-
[QUOTE=coldfire;471226]
Should I uninstall all software I installed for virus removal
and maintain with my Norton 360 V3?[/QUOTE]
Yes, you should do so. Several antiviruses in the same system could be a problem by itself. As for utilities such as the AVZ tool and GMER - they weren't installed, so they don't require uninstalling. You may delete them or keep them - at your choice.
[QUOTE=coldfire;471226]
What's the best antivirus removal software in the market to buy?[/QUOTE]
You mean "What is the best antivirus software"? We try not to give any advice about antivirus software to buy. I should say that your Norton is not the worst choice, and any antivirus could miss something. The perfect antivirus solution hasn't been invented yet. Besides, your system protection depends more on your actions, on the security settings that are made by the user. I suggest you take a look at this how-to by Microsoft - [url]http://windowshelp.microsoft.com/Windows/en-US/security.mspx[/url] - there are only basics there, but they are enough to make your system safer.
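An added example, not part of the thread and not written by any of its participants: a read-only PowerShell check for leftovers of the items the removal scripts above target. It assumes that every randomly named component shares the `kbiwkm` prefix seen in those scripts, and that it is run elevated under the affected user account so that `$env:TEMP` resolves to the Temp folder named in the thread.

```powershell
# Added example, not from the thread. Read-only: it lists leftovers and deletes nothing.
# Assumption: all randomly named components start with the prefix used in the thread's scripts.
$prefix = 'kbiwkm'

# Directories the thread's scripts delete prefixed files from, plus the user's Temp folder.
$dirs = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System32\drivers",
    "$env:TEMP"
)

# Fixed file and service names taken from the AVZ scripts in the thread.
$named = @(
    "$env:SystemRoot\System32\WinVd32.sys",
    "$env:SystemRoot\System32\WinFLdrv.sys",
    "$env:TEMP\H.exe",
    "$env:TEMP\kxldrpog.sys"
)
$services = @('WinVd32', 'WinFLdrv', 'H', 'SysProtDrv.sys')

$findings = @()

foreach ($d in $dirs) {
    # -Force includes hidden and system files; @() keeps an empty result from adding $null.
    $findings += @(Get-ChildItem -LiteralPath $d -Filter "$prefix*" -Force -ErrorAction SilentlyContinue |
        ForEach-Object { "file     $($_.FullName)" })
}
foreach ($f in $named) {
    if (Test-Path -LiteralPath $f) { $findings += "file     $f" }
}

# gmer.bat removes the service key from CurrentControlSet and ControlSet002..006,
# so inspect the Services key under every *ControlSet* subkey of HKLM\SYSTEM.
$sets = @(Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '*ControlSet*' })
foreach ($set in $sets) {
    $svcRoot = Join-Path $set.PSPath 'Services'
    $findings += @(Get-ChildItem -LiteralPath $svcRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "$prefix*" -or $services -contains $_.PSChildName } |
        ForEach-Object { "service  $($_.Name)" })
}

if ($findings.Count -gt 0) {
    $findings | Sort-Object -Unique
} else {
    'No leftovers visible from user mode.'
}
```

A rootkit that is still active can hide its files and registry keys from user-mode listings like these, which is why the thread confirms removal with GMER and AVZ logs; an empty result here only supplements those logs.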