View Full Version : a really bad one! boy do i need help!
somehow i picked up something nasty. it appears to have erased stuff,added stuff and generally screwed things up. it started off by putting up warning windows of an infection from a program i don't have (sounds like smitfraud)
then opening command windows quickly etc. I have tried the following scans and programs to weed it out:
Spybot
AVG
smitfraudfix
malwarebytes
vundofix
combofix
even though i've runspybot many times to the point where it says i'm clean
the stuff is still in there somewhere.
currently when i boot it will sometimes seem to boot normally with the exception of the blue windows screen comes up with a capital E with an accent above it 2 lines beneath the s in windows!!! very weird!
other times it will hang on a blank blue screen. also occasionally getting the smitfraud/virus warning before completing to boot normally.
i also am getting windows notices that it has to shut down programs to protect my computer- explorer(.which i don't use) and other things.
my publisher program no longer has any printers installed and i get a notice that the print spooler is not active or installed!
Here is a current Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 10:05:03, on 9/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wlansta.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\F.tmp
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Ponheg] "C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WLAN network adaptor Wireless LAN Configuration.lnk = ?
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://192.168.1.199/JMWiseCam.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cryptographic Services CryptSvcSwPrv (CryptSvcSwPrv) - Unknown owner - C:\WINDOWS\system32\3.tmp.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MS Software Shadow Copy Provider SwPrvWebClient (SwPrvWebClient) - Unknown owner - C:\WINDOWS\system32\60ws.exe
Thanks to any expert who might want to tackle this one!!!
RTV
Hi
Guess you missed Do NOT run 'fixes' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806) (ran ComboFix though it shouldn't be used without supervision) sticky.
Navigate into C:\Program Files\HijackThis folder and rename HijackThis.exe file -> whatever.exe. Post a fresh hjt log after renaming is done.
thanks Blade! no...like a idiot i did that stuff before i remembered
here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 13:56:42, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\lphc74sj0e34c.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wlansta.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\hij.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc74sj0e34c] C:\WINDOWS\system32\lphc74sj0e34c.exe
O4 - HKCU\..\Run: [Ponheg] "C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WLAN network adaptor Wireless LAN Configuration.lnk = ?
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://192.168.1.199/JMWiseCam.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cryptographic Services CryptSvcSwPrv (CryptSvcSwPrv) - Unknown owner - C:\WINDOWS\system32\3.tmp.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MS Software Shadow Copy Provider SwPrvWebClient (SwPrvWebClient) - Unknown owner - C:\WINDOWS\system32\60ws.exe
also..i'm getting warnings that my computer is sending out emails!
Hi
I've got some bad news for you :sad:
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
Blade...Thanks a million for the info!! i immediately shut down from the net.
and my router started not to work! so i have been delayed in answering.
its back now and i'm on another computer. i'd like to try and clean it if you wouldn't mind. but ...i'll be on the road for a bit. could we pick this up in a few days? one other question...is it likely to migrate through a wireless router
to other computers on the router?? or through email?
Thanks again!!!
RTV55
Hi
It's one of these (http://www.symantec.com/security_response/writeup.jsp?docid=2007-040208-5335-99&tabid=1) Infostealer.Banker trojans. We can continue cleaning when you arrive. However, if it'll be more than five days let me know beforehand. We archive topics that have been inactive five days.
Blade,
I'm back! are you still willing to give this problem a try?
rtv
Of course I am :)
Could you post a fresh hjt log? It may be quite similar like the one you posted but since it's been a few days it's better to get the latest one to begin with.
Thanks blade!
let me bring you up to date...since i was out on the road for those days and needed my laptop (which was almost unuseable) i figured what have i got to loose? so i ran the malwarebytes a few times and read the problem files it couldn't remove. then booting in safe mode with the command console i deleted them as best i could. it seems they are rewritten after they are deleted! but the good news is that the computer is seemingly usuable as long as i don't go on line. i know that if i go online it will just download all the bad stuff and screw up the computer again. it seems that most of the stuff showed up on the 20th of last month. it wrote gobs of tmp files in the system32 folder and god knows where else! i'll post an HJT file after this but i have to get it to this computer to sent it!!
Thanks for sticking with me!!!
rtv
Logfile of HijackThis v1.99.1
Scan saved at 20:49:41, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wlansta.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\hij.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Ponheg] "C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WLAN network adaptor Wireless LAN Configuration.lnk = ?
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://192.168.1.199/JMWiseCam.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cryptographic Services CryptSvcSwPrv (CryptSvcSwPrv) - Unknown owner - C:\WINDOWS\system32\3.tmp.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MS Software Shadow Copy Provider SwPrvWebClient (SwPrvWebClient) - Unknown owner - C:\WINDOWS\system32\60ws.exe
Hi
Disable Spybot's TeaTimer
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
ComboFix 08-09-20.05 - Administrator 2008-10-04 21:24:10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.940 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ssembl~1
C:\WINDOWS\ssembl~1\?ssembly\
C:\WINDOWS\system32\k86.bin
C:\WINDOWS\system32\netprp.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-01 17:52 . 2008-09-26 08:43 8,512 --a------ C:\WINDOWS\system32\drivers\ati1ttxxx.sys
2008-09-29 10:46 . 2008-09-29 10:46 18 --a------ C:\WINDOWS\system32\6A.tmp
2008-09-28 16:05 . 2008-09-28 16:05 18 --a------ C:\WINDOWS\system32\69.tmp
2008-09-28 16:04 . 2008-09-28 16:05 185,856 --a------ C:\WINDOWS\system32\68.tmp
2008-09-28 16:04 . 2008-09-28 16:04 48 --a------ C:\WINDOWS\system32\67.tmp
2008-09-28 09:03 . 2008-09-28 09:03 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 08:53 . 2008-09-28 08:53 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-26 21:30 . 2008-09-26 21:30 18 --a------ C:\WINDOWS\system32\66.tmp
2008-09-26 21:08 . 2008-09-26 21:08 186,368 --a------ C:\WINDOWS\system32\52.tmp
2008-09-26 21:08 . 2008-09-26 21:08 78,848 --a------ C:\WINDOWS\system32\51.tmp
2008-09-26 21:08 . 2008-09-26 21:08 41,984 --a------ C:\WINDOWS\system32\4F.tmp
2008-09-26 21:08 . 2008-09-26 21:08 37,032 --a------ C:\WINDOWS\system32\50.tmp
2008-09-26 21:08 . 2008-09-26 21:08 176 --a------ C:\WINDOWS\system32\4E.tmp
2008-09-26 21:08 . 2008-09-26 21:08 0 --a------ C:\WINDOWS\system32\53.tmp
2008-09-26 20:02 . 2008-09-26 20:02 186,368 --a------ C:\WINDOWS\system32\4C.tmp
2008-09-26 20:02 . 2008-09-26 20:02 78,848 --a------ C:\WINDOWS\system32\4B.tmp
2008-09-26 20:02 . 2008-09-26 20:02 41,984 --a------ C:\WINDOWS\system32\47.tmp
2008-09-26 20:02 . 2008-09-26 20:02 37,032 --a------ C:\WINDOWS\system32\4A.tmp
2008-09-26 20:02 . 2008-09-26 20:02 176 --a------ C:\WINDOWS\system32\36.tmp
2008-09-26 20:02 . 2008-09-26 20:02 18 --a------ C:\WINDOWS\system32\4D.tmp
2008-09-26 18:09 . 2008-09-26 18:09 186,368 --a------ C:\WINDOWS\system32\44.tmp
2008-09-26 18:09 . 2008-09-26 18:09 78,848 --a------ C:\WINDOWS\system32\43.tmp
2008-09-26 18:09 . 2008-09-26 18:09 41,984 --a------ C:\WINDOWS\system32\41.tmp
2008-09-26 18:09 . 2008-09-26 18:09 37,032 --a------ C:\WINDOWS\system32\42.tmp
2008-09-26 18:09 . 2008-09-26 18:09 18 --a------ C:\WINDOWS\system32\45.tmp
2008-09-26 18:08 . 2008-09-26 18:08 186,368 --a------ C:\WINDOWS\system32\34.tmp
2008-09-26 18:08 . 2008-09-26 18:08 78,848 --a------ C:\WINDOWS\system32\33.tmp
2008-09-26 18:08 . 2008-09-26 18:08 41,984 --a------ C:\WINDOWS\system32\31.tmp
2008-09-26 18:08 . 2008-09-26 18:08 37,032 --a------ C:\WINDOWS\system32\32.tmp
2008-09-26 18:08 . 2008-09-26 18:09 176 --a------ C:\WINDOWS\system32\37.tmp
2008-09-26 18:08 . 2008-09-26 18:08 176 --a------ C:\WINDOWS\system32\30.tmp
2008-09-26 18:08 . 2008-09-26 18:08 18 --a------ C:\WINDOWS\system32\35.tmp
2008-09-26 17:06 . 2008-09-26 17:06 186,368 --a------ C:\WINDOWS\system32\3F.tmp
2008-09-26 17:06 . 2008-09-26 17:06 78,848 --a------ C:\WINDOWS\system32\3E.tmp
2008-09-26 17:06 . 2008-09-26 17:06 41,984 --a------ C:\WINDOWS\system32\3C.tmp
2008-09-26 17:06 . 2008-09-26 17:06 37,032 --a------ C:\WINDOWS\system32\3D.tmp
2008-09-26 17:06 . 2008-09-26 17:06 176 --a------ C:\WINDOWS\system32\3B.tmp
2008-09-26 17:06 . 2008-09-26 17:06 18 --a------ C:\WINDOWS\system32\40.tmp
2008-09-26 15:54 . 2008-09-26 15:54 186,368 --a------ C:\WINDOWS\system32\2B.tmp
2008-09-26 15:54 . 2008-09-26 15:54 78,848 --a------ C:\WINDOWS\system32\2A.tmp
2008-09-26 15:54 . 2008-09-26 15:54 41,984 --a------ C:\WINDOWS\system32\28.tmp
2008-09-26 15:54 . 2008-09-26 15:54 37,032 --a------ C:\WINDOWS\system32\29.tmp
2008-09-26 15:54 . 2008-09-26 15:54 176 --a------ C:\WINDOWS\system32\27.tmp
2008-09-26 15:54 . 2008-09-26 15:54 18 --a------ C:\WINDOWS\system32\2F.tmp
2008-09-26 15:46 . 2008-09-26 15:46 186,368 --a------ C:\WINDOWS\system32\25.tmp
2008-09-26 15:46 . 2008-09-26 15:46 78,848 --a------ C:\WINDOWS\system32\21.tmp
2008-09-26 15:46 . 2008-09-26 15:46 41,984 --a------ C:\WINDOWS\system32\1F.tmp
2008-09-26 15:46 . 2008-09-26 15:46 37,032 --a------ C:\WINDOWS\system32\20.tmp
2008-09-26 15:46 . 2008-09-26 15:46 176 --a------ C:\WINDOWS\system32\1A.tmp
2008-09-26 15:46 . 2008-09-26 15:46 18 --a------ C:\WINDOWS\system32\26.tmp
2008-09-26 15:28 . 2008-09-26 15:28 29 --a------ C:\WINDOWS\system32\dswiuwsf.tmp
2008-09-26 15:27 . 2008-09-26 15:27 18 --a------ C:\WINDOWS\system32\24.tmp
2008-09-26 15:27 . 2008-09-26 15:27 18 --a------ C:\WINDOWS\system32\23.tmp
2008-09-26 15:26 . 2008-09-26 15:27 163,840 --a------ C:\WINDOWS\system32\22.tmp
2008-09-26 15:14 . 2008-09-26 15:26 52 --a------ C:\WINDOWS\system32\1B.tmp
2008-09-26 15:08 . 2008-09-26 15:26 52 --a------ C:\WINDOWS\system32\19.tmp
2008-09-26 15:04 . 2008-09-26 15:04 186,368 --a------ C:\WINDOWS\system32\17.tmp
2008-09-26 15:04 . 2008-09-26 15:04 78,848 --a------ C:\WINDOWS\system32\14.tmp
2008-09-26 15:04 . 2008-09-26 15:04 41,984 --a------ C:\WINDOWS\system32\15.tmp
2008-09-26 15:04 . 2008-09-26 15:04 37,032 --a------ C:\WINDOWS\system32\16.tmp
2008-09-26 15:04 . 2008-09-26 15:04 176 --a------ C:\WINDOWS\system32\13.tmp
2008-09-26 15:04 . 2008-09-26 15:04 18 --a------ C:\WINDOWS\system32\18.tmp
2008-09-26 13:19 . 2008-09-26 13:19 186,368 --a------ C:\WINDOWS\system32\C7.tmp
2008-09-26 13:19 . 2008-09-26 13:19 78,848 --a------ C:\WINDOWS\system32\C4.tmp
2008-09-26 13:19 . 2008-09-26 13:19 41,984 --a------ C:\WINDOWS\system32\C5.tmp
2008-09-26 13:19 . 2008-09-26 13:19 37,032 --a------ C:\WINDOWS\system32\C6.tmp
2008-09-26 13:19 . 2008-09-26 13:19 176 --a------ C:\WINDOWS\system32\C3.tmp
2008-09-26 13:19 . 2008-09-26 13:19 18 --a------ C:\WINDOWS\system32\C8.tmp
2008-09-26 12:13 . 2008-09-26 12:13 186,368 --a------ C:\WINDOWS\system32\B2.tmp
2008-09-26 12:13 . 2008-09-26 12:13 41,984 --a------ C:\WINDOWS\system32\B0.tmp
2008-09-26 12:13 . 2008-09-26 12:13 37,032 --a------ C:\WINDOWS\system32\B1.tmp
2008-09-26 12:13 . 2008-09-26 12:13 18 --a------ C:\WINDOWS\system32\B3.tmp
2008-09-26 12:12 . 2008-09-26 12:13 136 --a------ C:\WINDOWS\system32\AF.tmp
2008-09-26 11:15 . 2008-09-26 11:15 186,368 --a------ C:\WINDOWS\system32\7E.tmp
2008-09-26 11:15 . 2008-09-26 11:15 41,984 --a------ C:\WINDOWS\system32\7C.tmp
2008-09-26 11:15 . 2008-09-26 11:15 37,032 --a------ C:\WINDOWS\system32\7D.tmp
2008-09-26 11:15 . 2008-09-26 11:15 136 --a------ C:\WINDOWS\system32\7B.tmp
2008-09-26 11:15 . 2008-09-26 11:15 0 --a------ C:\WINDOWS\system32\7F.tmp
2008-09-26 10:38 . 2008-09-26 10:38 <DIR> d-------- C:\WINDOWS\Sun
2008-09-26 10:33 . 2008-09-26 10:33 41,984 --a------ C:\WINDOWS\system32\A.tmp
2008-09-26 10:33 . 2008-09-26 10:33 37,032 --a------ C:\WINDOWS\system32\B.tmp
2008-09-26 10:33 . 2008-09-26 10:33 0 --a------ C:\WINDOWS\system32\12.tmp
2008-09-26 10:32 . 2008-09-26 10:33 136 --a------ C:\WINDOWS\system32\3.tmp
2008-09-26 10:28 . 2008-09-26 10:28 <DIR> d-------- C:\Program Files\Sun
2008-09-26 10:28 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-26 10:27 . 2008-09-26 10:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-26 08:57 . 2008-09-26 08:57 20,480 --ahs---- C:\WINDOWS\system32\1Dr.dll
2008-09-26 08:56 . 2008-09-26 08:55 49,664 -r-hs---- C:\WINDOWS\system32\60ws.exe
2008-09-26 08:43 . 2008-09-26 08:43 186,368 --a------ C:\WINDOWS\system32\F.tmp
2008-09-26 08:43 . 2008-09-26 08:43 41,984 --a------ C:\WINDOWS\system32\C.tmp
2008-09-26 08:43 . 2008-09-26 08:43 8,512 --a------ C:\WINDOWS\system32\netrp.sys
2008-09-26 08:43 . 2008-09-26 08:43 0 --a------ C:\WINDOWS\system32\11.tmp
2008-09-26 08:42 . 2008-09-26 08:43 136 --a------ C:\WINDOWS\system32\9.tmp
2008-09-25 22:08 . 2008-09-25 22:08 16,384 --ahs---- C:\WINDOWS\system32\58c.dll
2008-09-25 21:55 . 2008-09-25 21:55 186,368 --a------ C:\WINDOWS\system32\7.tmp
2008-09-25 21:55 . 2008-09-25 21:55 37,888 --a------ C:\WINDOWS\system32\6.tmp
2008-09-25 21:55 . 2008-09-25 21:55 92 --a------ C:\WINDOWS\system32\4.tmp
2008-09-25 21:55 . 2008-09-25 21:55 18 --a------ C:\WINDOWS\system32\8.tmp
2008-09-25 18:41 . 2008-09-25 18:41 92 --a------ C:\WINDOWS\system32\2.tmp
2008-09-25 18:41 . 2008-09-26 08:57 82 --a-s---- C:\WINDOWS\system32\598619786.dat
2008-09-25 18:41 . 2008-09-25 18:41 18 --a------ C:\WINDOWS\system32\5.tmp
2008-09-21 21:05 . 2008-09-30 18:24 2,296 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-21 17:50 . 2008-09-21 17:50 <DIR> d-------- C:\VundoFix Backups
2008-09-20 17:04 . 2008-09-20 17:04 199,168 --a------ C:\WINDOWS\system32\60.tmp
2008-09-20 17:04 . 2008-09-20 17:04 48 --a------ C:\WINDOWS\system32\5F.tmp
2008-09-20 17:04 . 2008-09-20 17:04 18 --a------ C:\WINDOWS\system32\61.tmp
2008-09-20 16:47 . 2008-09-20 16:47 199,168 --a------ C:\WINDOWS\system32\57.tmp
2008-09-20 16:47 . 2008-09-20 16:47 48 --a------ C:\WINDOWS\system32\55.tmp
2008-09-20 16:47 . 2008-09-20 16:47 18 --a------ C:\WINDOWS\system32\58.tmp
2008-09-20 15:00 . 2008-09-20 15:00 199,168 --a------ C:\WINDOWS\system32\48.tmp
2008-09-20 15:00 . 2008-09-20 15:00 48 --a------ C:\WINDOWS\system32\46.tmp
2008-09-20 15:00 . 2008-09-20 15:00 18 --a------ C:\WINDOWS\system32\49.tmp
2008-09-20 14:17 . 2008-09-20 14:17 199,168 --a------ C:\WINDOWS\system32\39.tmp
2008-09-20 14:17 . 2008-09-20 14:17 18 --a------ C:\WINDOWS\system32\3A.tmp
2008-09-20 14:16 . 2008-09-20 14:17 48 --a------ C:\WINDOWS\system32\38.tmp
2008-09-20 14:02 . 2008-09-20 14:02 199,168 --a------ C:\WINDOWS\system32\2D.tmp
2008-09-20 14:02 . 2008-09-20 14:02 48 --a------ C:\WINDOWS\system32\2C.tmp
2008-09-20 14:02 . 2008-09-20 14:02 18 --a------ C:\WINDOWS\system32\2E.tmp
2008-09-20 13:39 . 2008-09-20 13:39 199,168 --a------ C:\WINDOWS\system32\1D.tmp
2008-09-20 13:39 . 2008-09-20 13:39 48 --a------ C:\WINDOWS\system32\1C.tmp
2008-09-20 13:39 . 2008-09-20 13:39 18 --a------ C:\WINDOWS\system32\1E.tmp
2008-09-20 13:35 . 2008-09-20 13:35 48 --a------ C:\WINDOWS\system32\D.tmp
2008-09-20 13:35 . 2008-09-20 13:35 18 --a------ C:\WINDOWS\system32\10.tmp
2008-09-20 03:40 . 2008-09-20 03:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 03:40 . 2008-09-20 03:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 01:28 90,112 ----a-w C:\WINDOWS\DUMP9078.tmp
2008-09-26 19:53 90,112 ----a-w C:\WINDOWS\DUMP9c6e.tmp
2008-09-26 19:03 90,112 ----a-w C:\WINDOWS\DUMP82eb.tmp
2008-09-26 14:28 --------- d-----w C:\Program Files\Java
2008-09-25 22:09 --------- d-----w C:\Program Files\TalkPCR
2008-09-20 07:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 23:33 --------- d-----w C:\Program Files\LandAirSea Systems
2008-07-06 15:10 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL
2008-07-06 15:10 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL
2008-07-06 15:09 40,960 ----a-w C:\WINDOWS\SimTestDll.dll
.
------- Sigcheck -------
2005-03-13 21:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 06:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 17:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-03-13 20:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 15:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 20:12 1041408 b0d52f609df94a72b4af3edf477c7c2e C:\WINDOWS\explorer.exe
2007-06-13 07:26 1040896 4580e16e92bb88da525a51e1b03b42e2 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 1040896 3225f4663de4cb04858403af116aef98 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 17:00 1039872 8fe830fbff9363952ed533a4022f5291 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 1041408 c074c20ff2cd9560706244ff3aad5724 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 17:00 23040 8cbacd9f0d3d6942fe10d134ed7ed764 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 20:12 23040 1f00a2901ffc1ba48321c06b5f2195f9 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 20:12 23040 d6cdc4fa4980a746a548be5d456ae7e4 C:\WINDOWS\system32\ctfmon.exe
2005-06-10 20:17 65536 ce3605a5b02be13080ad6fc62b00327a C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 65536 292419cc59317cc6ced2666a9ffcdde3 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 17:00 65536 53832404a4ae49aea8ad515644b979bc C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 20:12 65536 30721bc166cf511848d7340e167170f3 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 20:12 65536 c09cccb28b2a6307ef7e76e9c97b0e78 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 17:00 32256 37bcdc79f48a0c7a83b48f31d6423247 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 33792 cdb8fe37d770759da584fa4a3c585666 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 33792 0d931ad3b3aa2bae592d3ed2d6392aea C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ponheg"="C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe" [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRunOnce"="C:\util\prunonce\PRunOnce.exe" [2004-08-06 118784]
"Panasonic HotKey Manager"="C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-06-13 983040]
"PCinfo"="C:\Program Files\Panasonic\PCINFO\SetDiag.exe" [2005-06-14 53248]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 393216]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 C:\WINDOWS\AGRSMMSG.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WLAN network adaptor Wireless LAN Configuration.lnk - C:\WINDOWS\system32\wlansta.exe [2006-05-10 155719]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= nuvision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ttxxx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Panasonic Hand Writing.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panasonic Hand Writing.lnk
backup=C:\WINDOWS\pss\Panasonic Hand Writing.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1702912 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2006-05-20 11:49 290816 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 09:16 536576 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2002-04-26 13:53 19968 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scroller]
--a------ 2005-04-18 15:18 90112 C:\WINDOWS\system32\FPapli.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\FreeFTP\\FreeFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 GPSFilter;Panasonic GPS Filter Service;C:\WINDOWS\system32\DRIVERS\gpsfilter.sys [2005-09-26 10112]
R1 ati1ttxxx;ati1ttxxx;C:\WINDOWS\system32\drivers\ati1ttxxx.sys [2008-09-26 8512]
R2 brecal;Panasonic Battery Recalibration Driver;C:\Program Files\Panasonic\BRECAL\Brecal.sys [2004-11-15 7168]
R2 pcinfo;Panasonic PC Info. Viewer Driver;C:\Program Files\Panasonic\PCINFO\pcinfo.sys [2004-11-04 7168]
R2 SDKEY;Panasonic SD Misc. Function Driver;C:\Program Files\Panasonic\SDKEY\SDKEY.SYS [2005-04-21 8192]
R3 FIDMOU;Fujitsu touchpad;C:\WINDOWS\system32\DRIVERS\Fidmou.sys [2005-04-18 23463]
R3 HOTKEY;Panasonic Hotkey Driver;C:\WINDOWS\system32\DRIVERS\HOTKEY.SYS [2003-03-17 9216]
R3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
S0 fvac;fvac;C:\WINDOWS\system32\drivers\xlrp.sys [ ]
S0 hwqud;hwqud;C:\WINDOWS\system32\drivers\cjvwgp.sys [ ]
S0 xeljap;xeljap;C:\WINDOWS\system32\drivers\uhktyh.sys [ ]
S2 CryptSvcSwPrv;Cryptographic Services CryptSvcSwPrv;C:\WINDOWS\system32\3.tmp [2008-09-26 136]
S2 NUWNNTWO;NUWNNTWO;C:\WINDOWS\system32\drivers\NUWNNTWO.sys [ ]
S2 SwPrvWebClient;MS Software Shadow Copy Provider SwPrvWebClient;C:\WINDOWS\system32\60ws.exe [2008-09-26 49664]
S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 18690]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];C:\WINDOWS\system32\Drivers\VRDVC20X.SYS [2004-11-09 04:02 31104]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 NuVision;Hauppauge WinTV USB Pro (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 260144]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 WLAN;IEEE 802.11b WLAN network adaptor Driver;C:\WINDOWS\system32\DRIVERS\WLANNDS.sys [2003-10-17 651776]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-SfKg6wIP - C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qiwxws.exe
HKU-Default-Run-GetPack21 - C:\Program Files\GetPack\GetPack21.exe
Notify-Identified as: - (no file)
Notify-netprp - netprp.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\264zyfxi.default\
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 21:26:06
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CryptSvcSwPrv]
"ImagePath"="C:\WINDOWS\system32\3.tmp srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-04 21:31:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 01:31:09
ComboFix2.txt 2008-09-22 00:53:25
ComboFix3.txt 2008-02-03 17:59:13
Pre-Run: 30,844,716,032 bytes free
Post-Run: 30,761,984,512 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
317 --- E O F --- 2008-09-11 03:34:02
Logfile of HijackThis v1.99.1
Scan saved at 21:34:49, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wlansta.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\hij.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Ponheg] "C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe"
O4 - Global Startup: WLAN network adaptor Wireless LAN Configuration.lnk = ?
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://192.168.1.199/JMWiseCam.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cryptographic Services CryptSvcSwPrv (CryptSvcSwPrv) - Unknown owner - C:\WINDOWS\system32\3.tmp.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MS Software Shadow Copy Provider SwPrvWebClient (SwPrvWebClient) - Unknown owner - C:\WINDOWS\system32\60ws.exe
blade.
you will notice the combo fix said it ran in reduced functionality mode because it said it (the program) had an expired date but it installed the recovery consolen is this an issue?
rtv
Hi
Better get a fresh copy and run it. Recovery console got installed ok so you don't have to install it again.
Delete old ComboFix.exe and download a fresh copy from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Run it and post back its log & a fresh hjt log.
ComboFix 08-10-04.07 - Administrator 2008-10-05 11:04:15.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.914 [GMT -4:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Administrator\My Documents\SMBOLS~1
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\60ws.exe
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\F.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CRYPTSVCSWPRV
-------\Legacy_MCHINJDRV
-------\Legacy_SWPRVWEBCLIENT
-------\Service_CryptSvcSwPrv
-------\Service_SwPrvWebClient
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-01 17:52 . 2008-09-26 08:43 8,512 --a------ C:\WINDOWS\system32\drivers\ati1ttxxx.sys
2008-09-29 10:46 . 2008-09-29 10:46 18 --a------ C:\WINDOWS\system32\6A.tmp
2008-09-28 16:05 . 2008-09-28 16:05 18 --a------ C:\WINDOWS\system32\69.tmp
2008-09-28 16:04 . 2008-09-28 16:05 185,856 --a------ C:\WINDOWS\system32\68.tmp
2008-09-28 16:04 . 2008-09-28 16:04 48 --a------ C:\WINDOWS\system32\67.tmp
2008-09-28 09:03 . 2008-09-28 09:03 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 08:53 . 2008-09-28 08:53 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-26 21:30 . 2008-09-26 21:30 18 --a------ C:\WINDOWS\system32\66.tmp
2008-09-26 21:08 . 2008-09-26 21:08 186,368 --a------ C:\WINDOWS\system32\52.tmp
2008-09-26 21:08 . 2008-09-26 21:08 78,848 --a------ C:\WINDOWS\system32\51.tmp
2008-09-26 21:08 . 2008-09-26 21:08 41,984 --a------ C:\WINDOWS\system32\4F.tmp
2008-09-26 21:08 . 2008-09-26 21:08 37,032 --a------ C:\WINDOWS\system32\50.tmp
2008-09-26 21:08 . 2008-09-26 21:08 176 --a------ C:\WINDOWS\system32\4E.tmp
2008-09-26 21:08 . 2008-09-26 21:08 0 --a------ C:\WINDOWS\system32\53.tmp
2008-09-26 20:02 . 2008-09-26 20:02 186,368 --a------ C:\WINDOWS\system32\4C.tmp
2008-09-26 20:02 . 2008-09-26 20:02 78,848 --a------ C:\WINDOWS\system32\4B.tmp
2008-09-26 20:02 . 2008-09-26 20:02 41,984 --a------ C:\WINDOWS\system32\47.tmp
2008-09-26 20:02 . 2008-09-26 20:02 37,032 --a------ C:\WINDOWS\system32\4A.tmp
2008-09-26 20:02 . 2008-09-26 20:02 176 --a------ C:\WINDOWS\system32\36.tmp
2008-09-26 20:02 . 2008-09-26 20:02 18 --a------ C:\WINDOWS\system32\4D.tmp
2008-09-26 18:09 . 2008-09-26 18:09 186,368 --a------ C:\WINDOWS\system32\44.tmp
2008-09-26 18:09 . 2008-09-26 18:09 78,848 --a------ C:\WINDOWS\system32\43.tmp
2008-09-26 18:09 . 2008-09-26 18:09 41,984 --a------ C:\WINDOWS\system32\41.tmp
2008-09-26 18:09 . 2008-09-26 18:09 37,032 --a------ C:\WINDOWS\system32\42.tmp
2008-09-26 18:09 . 2008-09-26 18:09 18 --a------ C:\WINDOWS\system32\45.tmp
2008-09-26 18:08 . 2008-09-26 18:08 186,368 --a------ C:\WINDOWS\system32\34.tmp
2008-09-26 18:08 . 2008-09-26 18:08 78,848 --a------ C:\WINDOWS\system32\33.tmp
2008-09-26 18:08 . 2008-09-26 18:08 41,984 --a------ C:\WINDOWS\system32\31.tmp
2008-09-26 18:08 . 2008-09-26 18:08 37,032 --a------ C:\WINDOWS\system32\32.tmp
2008-09-26 18:08 . 2008-09-26 18:09 176 --a------ C:\WINDOWS\system32\37.tmp
2008-09-26 18:08 . 2008-09-26 18:08 176 --a------ C:\WINDOWS\system32\30.tmp
2008-09-26 18:08 . 2008-09-26 18:08 18 --a------ C:\WINDOWS\system32\35.tmp
2008-09-26 17:06 . 2008-09-26 17:06 186,368 --a------ C:\WINDOWS\system32\3F.tmp
2008-09-26 17:06 . 2008-09-26 17:06 78,848 --a------ C:\WINDOWS\system32\3E.tmp
2008-09-26 17:06 . 2008-09-26 17:06 41,984 --a------ C:\WINDOWS\system32\3C.tmp
2008-09-26 17:06 . 2008-09-26 17:06 37,032 --a------ C:\WINDOWS\system32\3D.tmp
2008-09-26 17:06 . 2008-09-26 17:06 176 --a------ C:\WINDOWS\system32\3B.tmp
2008-09-26 17:06 . 2008-09-26 17:06 18 --a------ C:\WINDOWS\system32\40.tmp
2008-09-26 15:54 . 2008-09-26 15:54 186,368 --a------ C:\WINDOWS\system32\2B.tmp
2008-09-26 15:54 . 2008-09-26 15:54 78,848 --a------ C:\WINDOWS\system32\2A.tmp
2008-09-26 15:54 . 2008-09-26 15:54 41,984 --a------ C:\WINDOWS\system32\28.tmp
2008-09-26 15:54 . 2008-09-26 15:54 37,032 --a------ C:\WINDOWS\system32\29.tmp
2008-09-26 15:54 . 2008-09-26 15:54 176 --a------ C:\WINDOWS\system32\27.tmp
2008-09-26 15:54 . 2008-09-26 15:54 18 --a------ C:\WINDOWS\system32\2F.tmp
2008-09-26 15:46 . 2008-09-26 15:46 186,368 --a------ C:\WINDOWS\system32\25.tmp
2008-09-26 15:46 . 2008-09-26 15:46 78,848 --a------ C:\WINDOWS\system32\21.tmp
2008-09-26 15:46 . 2008-09-26 15:46 41,984 --a------ C:\WINDOWS\system32\1F.tmp
2008-09-26 15:46 . 2008-09-26 15:46 37,032 --a------ C:\WINDOWS\system32\20.tmp
2008-09-26 15:46 . 2008-09-26 15:46 176 --a------ C:\WINDOWS\system32\1A.tmp
2008-09-26 15:46 . 2008-09-26 15:46 18 --a------ C:\WINDOWS\system32\26.tmp
2008-09-26 15:28 . 2008-09-26 15:28 29 --a------ C:\WINDOWS\system32\dswiuwsf.tmp
2008-09-26 15:27 . 2008-09-26 15:27 18 --a------ C:\WINDOWS\system32\24.tmp
2008-09-26 15:27 . 2008-09-26 15:27 18 --a------ C:\WINDOWS\system32\23.tmp
2008-09-26 15:26 . 2008-09-26 15:27 163,840 --a------ C:\WINDOWS\system32\22.tmp
2008-09-26 15:14 . 2008-09-26 15:26 52 --a------ C:\WINDOWS\system32\1B.tmp
2008-09-26 15:08 . 2008-09-26 15:26 52 --a------ C:\WINDOWS\system32\19.tmp
2008-09-26 15:04 . 2008-09-26 15:04 186,368 --a------ C:\WINDOWS\system32\17.tmp
2008-09-26 15:04 . 2008-09-26 15:04 78,848 --a------ C:\WINDOWS\system32\14.tmp
2008-09-26 15:04 . 2008-09-26 15:04 41,984 --a------ C:\WINDOWS\system32\15.tmp
2008-09-26 15:04 . 2008-09-26 15:04 37,032 --a------ C:\WINDOWS\system32\16.tmp
2008-09-26 15:04 . 2008-09-26 15:04 176 --a------ C:\WINDOWS\system32\13.tmp
2008-09-26 15:04 . 2008-09-26 15:04 18 --a------ C:\WINDOWS\system32\18.tmp
2008-09-26 13:19 . 2008-09-26 13:19 186,368 --a------ C:\WINDOWS\system32\C7.tmp
2008-09-26 13:19 . 2008-09-26 13:19 78,848 --a------ C:\WINDOWS\system32\C4.tmp
2008-09-26 13:19 . 2008-09-26 13:19 41,984 --a------ C:\WINDOWS\system32\C5.tmp
2008-09-26 13:19 . 2008-09-26 13:19 37,032 --a------ C:\WINDOWS\system32\C6.tmp
2008-09-26 13:19 . 2008-09-26 13:19 176 --a------ C:\WINDOWS\system32\C3.tmp
2008-09-26 13:19 . 2008-09-26 13:19 18 --a------ C:\WINDOWS\system32\C8.tmp
2008-09-26 12:13 . 2008-09-26 12:13 186,368 --a------ C:\WINDOWS\system32\B2.tmp
2008-09-26 12:13 . 2008-09-26 12:13 41,984 --a------ C:\WINDOWS\system32\B0.tmp
2008-09-26 12:13 . 2008-09-26 12:13 37,032 --a------ C:\WINDOWS\system32\B1.tmp
2008-09-26 12:13 . 2008-09-26 12:13 18 --a------ C:\WINDOWS\system32\B3.tmp
2008-09-26 12:12 . 2008-09-26 12:13 136 --a------ C:\WINDOWS\system32\AF.tmp
2008-09-26 11:15 . 2008-09-26 11:15 186,368 --a------ C:\WINDOWS\system32\7E.tmp
2008-09-26 11:15 . 2008-09-26 11:15 41,984 --a------ C:\WINDOWS\system32\7C.tmp
2008-09-26 11:15 . 2008-09-26 11:15 37,032 --a------ C:\WINDOWS\system32\7D.tmp
2008-09-26 11:15 . 2008-09-26 11:15 136 --a------ C:\WINDOWS\system32\7B.tmp
2008-09-26 11:15 . 2008-09-26 11:15 0 --a------ C:\WINDOWS\system32\7F.tmp
2008-09-26 10:38 . 2008-09-26 10:38 <DIR> d-------- C:\WINDOWS\Sun
2008-09-26 10:33 . 2008-09-26 10:33 37,032 --a------ C:\WINDOWS\system32\B.tmp
2008-09-26 10:33 . 2008-09-26 10:33 0 --a------ C:\WINDOWS\system32\12.tmp
2008-09-26 10:28 . 2008-09-26 10:28 <DIR> d-------- C:\Program Files\Sun
2008-09-26 10:28 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-26 10:27 . 2008-09-26 10:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-26 08:57 . 2008-09-26 08:57 20,480 --ahs---- C:\WINDOWS\system32\1Dr.dll
2008-09-26 08:43 . 2008-09-26 08:43 8,512 --a------ C:\WINDOWS\system32\netrp.sys
2008-09-26 08:43 . 2008-09-26 08:43 0 --a------ C:\WINDOWS\system32\11.tmp
2008-09-26 08:42 . 2008-09-26 08:43 136 --a------ C:\WINDOWS\system32\9.tmp
2008-09-25 22:08 . 2008-09-25 22:08 16,384 --ahs---- C:\WINDOWS\system32\58c.dll
2008-09-25 21:55 . 2008-09-25 21:55 92 --a------ C:\WINDOWS\system32\4.tmp
2008-09-25 21:55 . 2008-09-25 21:55 18 --a------ C:\WINDOWS\system32\8.tmp
2008-09-25 18:41 . 2008-09-25 18:41 92 --a------ C:\WINDOWS\system32\2.tmp
2008-09-25 18:41 . 2008-09-26 08:57 82 --a-s---- C:\WINDOWS\system32\598619786.dat
2008-09-25 18:41 . 2008-09-25 18:41 18 --a------ C:\WINDOWS\system32\5.tmp
2008-09-21 21:05 . 2008-09-30 18:24 2,296 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-21 17:50 . 2008-09-21 17:50 <DIR> d-------- C:\VundoFix Backups
2008-09-20 17:04 . 2008-09-20 17:04 199,168 --a------ C:\WINDOWS\system32\60.tmp
2008-09-20 17:04 . 2008-09-20 17:04 48 --a------ C:\WINDOWS\system32\5F.tmp
2008-09-20 17:04 . 2008-09-20 17:04 18 --a------ C:\WINDOWS\system32\61.tmp
2008-09-20 16:47 . 2008-09-20 16:47 199,168 --a------ C:\WINDOWS\system32\57.tmp
2008-09-20 16:47 . 2008-09-20 16:47 48 --a------ C:\WINDOWS\system32\55.tmp
2008-09-20 16:47 . 2008-09-20 16:47 18 --a------ C:\WINDOWS\system32\58.tmp
2008-09-20 15:00 . 2008-09-20 15:00 199,168 --a------ C:\WINDOWS\system32\48.tmp
2008-09-20 15:00 . 2008-09-20 15:00 48 --a------ C:\WINDOWS\system32\46.tmp
2008-09-20 15:00 . 2008-09-20 15:00 18 --a------ C:\WINDOWS\system32\49.tmp
2008-09-20 14:17 . 2008-09-20 14:17 199,168 --a------ C:\WINDOWS\system32\39.tmp
2008-09-20 14:17 . 2008-09-20 14:17 18 --a------ C:\WINDOWS\system32\3A.tmp
2008-09-20 14:16 . 2008-09-20 14:17 48 --a------ C:\WINDOWS\system32\38.tmp
2008-09-20 14:02 . 2008-09-20 14:02 199,168 --a------ C:\WINDOWS\system32\2D.tmp
2008-09-20 14:02 . 2008-09-20 14:02 48 --a------ C:\WINDOWS\system32\2C.tmp
2008-09-20 14:02 . 2008-09-20 14:02 18 --a------ C:\WINDOWS\system32\2E.tmp
2008-09-20 13:39 . 2008-09-20 13:39 199,168 --a------ C:\WINDOWS\system32\1D.tmp
2008-09-20 13:39 . 2008-09-20 13:39 48 --a------ C:\WINDOWS\system32\1C.tmp
2008-09-20 13:39 . 2008-09-20 13:39 18 --a------ C:\WINDOWS\system32\1E.tmp
2008-09-20 13:35 . 2008-09-20 13:35 48 --a------ C:\WINDOWS\system32\D.tmp
2008-09-20 13:35 . 2008-09-20 13:35 18 --a------ C:\WINDOWS\system32\10.tmp
2008-09-20 03:40 . 2008-09-20 03:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 03:40 . 2008-09-20 03:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 03:40 . 2008-09-20 03:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-20 03:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 03:40 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 21:46 . 2008-09-19 21:46 <DIR> d-------- C:\Program Files\uTorrent
2008-09-19 21:45 . 2008-09-19 21:45 <DIR> d-------- C:\WINDOWS\system32\p
2008-09-19 21:45 . 2008-09-19 21:45 <DIR> d-------- C:\WINDOWS\system32\np5
2008-09-19 21:45 . 2008-09-21 20:49 <DIR> d-------- C:\WINDOWS\system32\inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 01:28 90,112 ----a-w C:\WINDOWS\DUMP9078.tmp
2008-09-26 19:53 90,112 ----a-w C:\WINDOWS\DUMP9c6e.tmp
2008-09-26 19:03 90,112 ----a-w C:\WINDOWS\DUMP82eb.tmp
2008-09-26 14:28 --------- d-----w C:\Program Files\Java
2008-09-25 22:09 --------- d-----w C:\Program Files\TalkPCR
2008-09-20 07:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 23:33 --------- d-----w C:\Program Files\LandAirSea Systems
2008-07-06 15:10 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL
2008-07-06 15:10 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL
2008-07-06 15:09 40,960 ----a-w C:\WINDOWS\SimTestDll.dll
.
------- Sigcheck -------
2005-03-13 21:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 06:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 17:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-03-13 20:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 15:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 20:12 1041408 b0d52f609df94a72b4af3edf477c7c2e C:\WINDOWS\explorer.exe
2007-06-13 07:26 1040896 4580e16e92bb88da525a51e1b03b42e2 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 1040896 3225f4663de4cb04858403af116aef98 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 17:00 1039872 8fe830fbff9363952ed533a4022f5291 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 1041408 c074c20ff2cd9560706244ff3aad5724 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 17:00 23040 8cbacd9f0d3d6942fe10d134ed7ed764 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 20:12 23040 1f00a2901ffc1ba48321c06b5f2195f9 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 20:12 23040 d6cdc4fa4980a746a548be5d456ae7e4 C:\WINDOWS\system32\ctfmon.exe
2005-06-10 20:17 65536 ce3605a5b02be13080ad6fc62b00327a C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 65536 292419cc59317cc6ced2666a9ffcdde3 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 17:00 65536 53832404a4ae49aea8ad515644b979bc C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 20:12 65536 30721bc166cf511848d7340e167170f3 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 20:12 65536 c09cccb28b2a6307ef7e76e9c97b0e78 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 17:00 32256 37bcdc79f48a0c7a83b48f31d6423247 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 33792 cdb8fe37d770759da584fa4a3c585666 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 33792 0d931ad3b3aa2bae592d3ed2d6392aea C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ponheg"="C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe" [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRunOnce"="C:\util\prunonce\PRunOnce.exe" [2004-08-06 118784]
"Panasonic HotKey Manager"="C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-06-13 983040]
"PCinfo"="C:\Program Files\Panasonic\PCINFO\SetDiag.exe" [2005-06-14 53248]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 393216]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 C:\WINDOWS\AGRSMMSG.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WLAN network adaptor Wireless LAN Configuration.lnk - C:\WINDOWS\system32\wlansta.exe [2006-05-10 155719]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= nuvision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ttxxx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Panasonic Hand Writing.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panasonic Hand Writing.lnk
backup=C:\WINDOWS\pss\Panasonic Hand Writing.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1702912 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2006-05-20 11:49 290816 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 09:16 536576 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2002-04-26 13:53 19968 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scroller]
--a------ 2005-04-18 15:18 90112 C:\WINDOWS\system32\FPapli.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\FreeFTP\\FreeFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 GPSFilter;Panasonic GPS Filter Service;C:\WINDOWS\system32\DRIVERS\gpsfilter.sys [2005-09-26 10112]
R1 ati1ttxxx;ati1ttxxx;C:\WINDOWS\system32\drivers\ati1ttxxx.sys [2008-09-26 8512]
R2 brecal;Panasonic Battery Recalibration Driver;C:\Program Files\Panasonic\BRECAL\Brecal.sys [2004-11-15 7168]
R2 pcinfo;Panasonic PC Info. Viewer Driver;C:\Program Files\Panasonic\PCINFO\pcinfo.sys [2004-11-04 7168]
R2 SDKEY;Panasonic SD Misc. Function Driver;C:\Program Files\Panasonic\SDKEY\SDKEY.SYS [2005-04-21 8192]
R3 FIDMOU;Fujitsu touchpad;C:\WINDOWS\system32\DRIVERS\Fidmou.sys [2005-04-18 23463]
R3 HOTKEY;Panasonic Hotkey Driver;C:\WINDOWS\system32\DRIVERS\HOTKEY.SYS [2003-03-17 9216]
R3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
S0 fvac;fvac;C:\WINDOWS\system32\drivers\xlrp.sys [ ]
S0 hwqud;hwqud;C:\WINDOWS\system32\drivers\cjvwgp.sys [ ]
S0 xeljap;xeljap;C:\WINDOWS\system32\drivers\uhktyh.sys [ ]
S2 NUWNNTWO;NUWNNTWO;C:\WINDOWS\system32\drivers\NUWNNTWO.sys [ ]
S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 18690]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];C:\WINDOWS\system32\Drivers\VRDVC20X.SYS [2004-11-09 04:02 31104]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 NuVision;Hauppauge WinTV USB Pro (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 260144]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 WLAN;IEEE 802.11b WLAN network adaptor Driver;C:\WINDOWS\system32\DRIVERS\WLANNDS.sys [2003-10-17 651776]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\264zyfxi.default\
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 11:08:38
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-05 11:13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 15:13:12
ComboFix2.txt 2008-10-05 01:31:15
ComboFix3.txt 2008-09-22 00:53:25
ComboFix4.txt 2008-02-03 17:59:13
Pre-Run: 30,612,865,536 bytes free
Post-Run: 30,583,459,328 bytes free
312 --- E O F --- 2008-09-11 03:34:02
Logfile of HijackThis v1.99.1
Scan saved at 11:16:29, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wlansta.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\hij.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\prefs.js)
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Ponheg] "C:\Documents and Settings\Administrator\My Documents\?icrosoft\w?crtupd.exe"
O4 - Global Startup: WLAN network adaptor Wireless LAN Configuration.lnk = ?
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://192.168.1.199/JMWiseCam.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Hi
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
BitTorrent
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete these folders afterwards:
C:\Program Files\uTorrent
C:\Program Files\BitTorrent
Empty Recycle Bin.
After that:
Start hjt, do a system scan, check (if found):
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
Close browsers and fix checked.
Open notepad and copy/paste the text in the quotebox below into it:
Driver::
ati1ttxxx
fvac
hwqud
xeljap
NUWNNTWO
File::
C:\WINDOWS\system32\drivers\ati1ttxxx.sys
C:\WINDOWS\system32\6A.tmp
C:\WINDOWS\system32\69.tmp
C:\WINDOWS\system32\68.tmp
C:\WINDOWS\system32\67.tmp
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\66.tmp
C:\WINDOWS\system32\52.tmp
C:\WINDOWS\system32\51.tmp
C:\WINDOWS\system32\4F.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\4E.tmp
C:\WINDOWS\system32\53.tmp
C:\WINDOWS\system32\4C.tmp
C:\WINDOWS\system32\4B.tmp
C:\WINDOWS\system32\47.tmp
C:\WINDOWS\system32\4A.tmp
C:\WINDOWS\system32\36.tmp
C:\WINDOWS\system32\4D.tmp
C:\WINDOWS\system32\44.tmp
C:\WINDOWS\system32\43.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\42.tmp
C:\WINDOWS\system32\45.tmp
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\system32\33.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\32.tmp
C:\WINDOWS\system32\37.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\35.tmp
C:\WINDOWS\system32\3F.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\3D.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\40.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\29.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\2F.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\21.tmp
C:\WINDOWS\system32\1F.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\1A.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\dswiuwsf.tmp
C:\WINDOWS\system32\24.tmp
C:\WINDOWS\system32\23.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\1B.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\C7.tmp
C:\WINDOWS\system32\C4.tmp
C:\WINDOWS\system32\C5.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C8.tmp
C:\WINDOWS\system32\B2.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\B1.tmp
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\AF.tmp
C:\WINDOWS\system32\7E.tmp
C:\WINDOWS\system32\7C.tmp
C:\WINDOWS\system32\7D.tmp
C:\WINDOWS\system32\7B.tmp
C:\WINDOWS\system32\7F.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\1Dr.dll
C:\WINDOWS\system32\netrp.sys
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\58c.dll
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\598619786.dat
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\60.tmp
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\61.tmp
C:\WINDOWS\system32\57.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\58.tmp
C:\WINDOWS\system32\48.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\49.tmp
C:\WINDOWS\system32\39.tmp
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\2D.tmp
C:\WINDOWS\system32\2C.tmp
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\1D.tmp
C:\WINDOWS\system32\1C.tmp
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\DUMP9078.tmp
C:\WINDOWS\DUMP9c6e.tmp
C:\WINDOWS\DUMP82eb.tmp
C:\WINDOWS\system32\FPapli.exe
C:\WINDOWS\system32\drivers\xlrp.sys
C:\WINDOWS\system32\drivers\cjvwgp.sys
C:\WINDOWS\system32\drivers\uhktyh.sys
C:\WINDOWS\system32\drivers\NUWNNTWO.sys
Folder::
C:\VundoFix Backups
C:\Program Files\uTorrent
C:\WINDOWS\system32\p
C:\WINDOWS\system32\np5
C:\WINDOWS\system32\inf
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ponheg"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ttxxx.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scroller]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Uninstall all old Java versions (below Java Runtime Environment (JRE) 6 Update 7)
Uninstall old Adobe Reader and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh hjt log and above meantioned ComboFix resultant log.
do you think it safe for me to put this computer online now? i have been doing everything on a different computer and transferring w an sd card
to avoid it going out and getting/sending bad stuff.
the kasperski i think i would have to connect!
ComboFix 08-10-04.07 - Administrator 2008-10-05 12:27:31.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.877 [GMT -4:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\DUMP82eb.tmp
C:\WINDOWS\DUMP9078.tmp
C:\WINDOWS\DUMP9c6e.tmp
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\1A.tmp
C:\WINDOWS\system32\1B.tmp
C:\WINDOWS\system32\1C.tmp
C:\WINDOWS\system32\1D.tmp
C:\WINDOWS\system32\1Dr.dll
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\1F.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\21.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\23.tmp
C:\WINDOWS\system32\24.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\29.tmp
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\2C.tmp
C:\WINDOWS\system32\2D.tmp
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\2F.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\32.tmp
C:\WINDOWS\system32\33.tmp
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\system32\35.tmp
C:\WINDOWS\system32\36.tmp
C:\WINDOWS\system32\37.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\39.tmp
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\3D.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\3F.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\40.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\42.tmp
C:\WINDOWS\system32\43.tmp
C:\WINDOWS\system32\44.tmp
C:\WINDOWS\system32\45.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\47.tmp
C:\WINDOWS\system32\48.tmp
C:\WINDOWS\system32\49.tmp
C:\WINDOWS\system32\4A.tmp
C:\WINDOWS\system32\4B.tmp
C:\WINDOWS\system32\4C.tmp
C:\WINDOWS\system32\4D.tmp
C:\WINDOWS\system32\4E.tmp
C:\WINDOWS\system32\4F.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\51.tmp
C:\WINDOWS\system32\52.tmp
C:\WINDOWS\system32\53.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\57.tmp
C:\WINDOWS\system32\58.tmp
C:\WINDOWS\system32\58c.dll
C:\WINDOWS\system32\598619786.dat
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\60.tmp
C:\WINDOWS\system32\61.tmp
C:\WINDOWS\system32\66.tmp
C:\WINDOWS\system32\67.tmp
C:\WINDOWS\system32\68.tmp
C:\WINDOWS\system32\69.tmp
C:\WINDOWS\system32\6A.tmp
C:\WINDOWS\system32\7B.tmp
C:\WINDOWS\system32\7C.tmp
C:\WINDOWS\system32\7D.tmp
C:\WINDOWS\system32\7E.tmp
C:\WINDOWS\system32\7F.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\AF.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\B1.tmp
C:\WINDOWS\system32\B2.tmp
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C4.tmp
C:\WINDOWS\system32\C5.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\C7.tmp
C:\WINDOWS\system32\C8.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\drivers\ati1ttxxx.sys
C:\WINDOWS\system32\drivers\cjvwgp.sys
C:\WINDOWS\system32\drivers\NUWNNTWO.sys
C:\WINDOWS\system32\drivers\uhktyh.sys
C:\WINDOWS\system32\drivers\xlrp.sys
C:\WINDOWS\system32\dswiuwsf.tmp
C:\WINDOWS\system32\FPapli.exe
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\netrp.sys
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\WINDOWS\DUMP82eb.tmp
C:\WINDOWS\DUMP9078.tmp
C:\WINDOWS\DUMP9c6e.tmp
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\1A.tmp
C:\WINDOWS\system32\1B.tmp
C:\WINDOWS\system32\1C.tmp
C:\WINDOWS\system32\1D.tmp
C:\WINDOWS\system32\1Dr.dll
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\1F.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\21.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\23.tmp
C:\WINDOWS\system32\24.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\29.tmp
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\2C.tmp
C:\WINDOWS\system32\2D.tmp
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\2F.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\32.tmp
C:\WINDOWS\system32\33.tmp
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\system32\35.tmp
C:\WINDOWS\system32\36.tmp
C:\WINDOWS\system32\37.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\39.tmp
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\3D.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\3F.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\40.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\42.tmp
C:\WINDOWS\system32\43.tmp
C:\WINDOWS\system32\44.tmp
C:\WINDOWS\system32\45.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\47.tmp
C:\WINDOWS\system32\48.tmp
C:\WINDOWS\system32\49.tmp
C:\WINDOWS\system32\4A.tmp
C:\WINDOWS\system32\4B.tmp
C:\WINDOWS\system32\4C.tmp
C:\WINDOWS\system32\4D.tmp
C:\WINDOWS\system32\4E.tmp
C:\WINDOWS\system32\4F.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\51.tmp
C:\WINDOWS\system32\52.tmp
C:\WINDOWS\system32\53.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\57.tmp
C:\WINDOWS\system32\58.tmp
C:\WINDOWS\system32\58c.dll
C:\WINDOWS\system32\598619786.dat
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\60.tmp
C:\WINDOWS\system32\61.tmp
C:\WINDOWS\system32\66.tmp
C:\WINDOWS\system32\67.tmp
C:\WINDOWS\system32\68.tmp
C:\WINDOWS\system32\69.tmp
C:\WINDOWS\system32\6A.tmp
C:\WINDOWS\system32\7B.tmp
C:\WINDOWS\system32\7C.tmp
C:\WINDOWS\system32\7D.tmp
C:\WINDOWS\system32\7E.tmp
C:\WINDOWS\system32\7F.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\AF.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\B1.tmp
C:\WINDOWS\system32\B2.tmp
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C4.tmp
C:\WINDOWS\system32\C5.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\C7.tmp
C:\WINDOWS\system32\C8.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\drivers\ati1ttxxx.sys
C:\WINDOWS\system32\dswiuwsf.tmp
C:\WINDOWS\system32\FPapli.exe
C:\WINDOWS\system32\inf
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\netrp.sys
C:\WINDOWS\system32\np5
C:\WINDOWS\system32\np5\sfeth112.exe
C:\WINDOWS\system32\p
C:\WINDOWS\system32\p\xerd2140.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI1TTXXX
-------\Legacy_NUWNNTWO
-------\Service_ati1ttxxx
-------\Service_fvac
-------\Service_hwqud
-------\Service_NUWNNTWO
-------\Service_xeljap
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-09-26 21:29 . 2008-09-26 21:30 186,368 --a------ C:\WINDOWS\system32\65.tmp
2008-09-26 21:29 . 2008-09-26 21:29 186,368 --a------ C:\WINDOWS\system32\5B.tmp
2008-09-26 21:29 . 2008-09-26 21:29 78,848 --a------ C:\WINDOWS\system32\64.tmp
2008-09-26 21:29 . 2008-09-26 21:29 78,848 --a------ C:\WINDOWS\system32\5A.tmp
2008-09-26 21:29 . 2008-09-26 21:29 41,984 --a------ C:\WINDOWS\system32\62.tmp
2008-09-26 21:29 . 2008-09-26 21:29 41,984 --a------ C:\WINDOWS\system32\56.tmp
2008-09-26 21:29 . 2008-09-26 21:29 37,032 --a------ C:\WINDOWS\system32\63.tmp
2008-09-26 21:29 . 2008-09-26 21:29 37,032 --a------ C:\WINDOWS\system32\59.tmp
2008-09-26 21:29 . 2008-09-26 21:29 176 --a------ C:\WINDOWS\system32\5E.tmp
2008-09-26 21:29 . 2008-09-26 21:29 176 --a------ C:\WINDOWS\system32\54.tmp
2008-09-26 21:29 . 2008-09-26 21:29 18 --a------ C:\WINDOWS\system32\5C.tmp
2008-09-26 10:38 . 2008-09-26 10:38 <DIR> d-------- C:\WINDOWS\Sun
2008-09-26 10:28 . 2008-09-26 10:28 <DIR> d-------- C:\Program Files\Sun
2008-09-26 10:28 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-26 10:27 . 2008-09-26 10:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-20 03:40 . 2008-09-20 03:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 03:40 . 2008-09-20 03:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 03:40 . 2008-09-20 03:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-20 03:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 03:40 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 21:45 . 2008-09-20 11:30 <DIR> d-------- C:\WINDOWS\system32\ES
2008-09-19 21:45 . 2008-09-19 21:45 <DIR> d-------- C:\Temp\mtc2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 14:28 --------- d-----w C:\Program Files\Java
2008-09-25 22:09 --------- d-----w C:\Program Files\TalkPCR
2008-09-20 07:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 23:33 --------- d-----w C:\Program Files\LandAirSea Systems
2008-07-06 15:10 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL
2008-07-06 15:10 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL
2008-07-06 15:09 40,960 ----a-w C:\WINDOWS\SimTestDll.dll
.
------- Sigcheck -------
2005-03-13 21:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 06:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 17:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-03-13 20:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 15:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 20:12 1041408 b0d52f609df94a72b4af3edf477c7c2e C:\WINDOWS\explorer.exe
2007-06-13 07:26 1040896 4580e16e92bb88da525a51e1b03b42e2 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 1040896 3225f4663de4cb04858403af116aef98 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 17:00 1039872 8fe830fbff9363952ed533a4022f5291 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 1041408 c074c20ff2cd9560706244ff3aad5724 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 17:00 23040 8cbacd9f0d3d6942fe10d134ed7ed764 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 20:12 23040 1f00a2901ffc1ba48321c06b5f2195f9 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 20:12 23040 d6cdc4fa4980a746a548be5d456ae7e4 C:\WINDOWS\system32\ctfmon.exe
2005-06-10 20:17 65536 ce3605a5b02be13080ad6fc62b00327a C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 65536 292419cc59317cc6ced2666a9ffcdde3 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 17:00 65536 53832404a4ae49aea8ad515644b979bc C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 20:12 65536 30721bc166cf511848d7340e167170f3 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 20:12 65536 c09cccb28b2a6307ef7e76e9c97b0e78 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 17:00 32256 37bcdc79f48a0c7a83b48f31d6423247 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 33792 cdb8fe37d770759da584fa4a3c585666 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 33792 0d931ad3b3aa2bae592d3ed2d6392aea C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRunOnce"="C:\util\prunonce\PRunOnce.exe" [2004-08-06 118784]
"Panasonic HotKey Manager"="C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-06-13 983040]
"PCinfo"="C:\Program Files\Panasonic\PCINFO\SetDiag.exe" [2005-06-14 53248]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 393216]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 C:\WINDOWS\AGRSMMSG.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WLAN network adaptor Wireless LAN Configuration.lnk - C:\WINDOWS\system32\wlansta.exe [2006-05-10 155719]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= nuvision.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Panasonic Hand Writing.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panasonic Hand Writing.lnk
backup=C:\WINDOWS\pss\Panasonic Hand Writing.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1702912 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2006-05-20 11:49 290816 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 09:16 536576 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2002-04-26 13:53 19968 C:\Program Files\Winamp\winampa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\FreeFTP\\FreeFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 GPSFilter;Panasonic GPS Filter Service;C:\WINDOWS\system32\DRIVERS\gpsfilter.sys [2005-09-26 10112]
R2 brecal;Panasonic Battery Recalibration Driver;C:\Program Files\Panasonic\BRECAL\Brecal.sys [2004-11-15 7168]
R2 pcinfo;Panasonic PC Info. Viewer Driver;C:\Program Files\Panasonic\PCINFO\pcinfo.sys [2004-11-04 7168]
R2 SDKEY;Panasonic SD Misc. Function Driver;C:\Program Files\Panasonic\SDKEY\SDKEY.SYS [2005-04-21 8192]
R3 FIDMOU;Fujitsu touchpad;C:\WINDOWS\system32\DRIVERS\Fidmou.sys [2005-04-18 23463]
R3 HOTKEY;Panasonic Hotkey Driver;C:\WINDOWS\system32\DRIVERS\HOTKEY.SYS [2003-03-17 9216]
R3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 18690]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];C:\WINDOWS\system32\Drivers\VRDVC20X.SYS [2004-11-09 04:02 31104]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 NuVision;Hauppauge WinTV USB Pro (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 260144]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 WLAN;IEEE 802.11b WLAN network adaptor Driver;C:\WINDOWS\system32\DRIVERS\WLANNDS.sys [2003-10-17 651776]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 12:32:26
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-05 12:37:08 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-10-05 16:37:02
ComboFix2.txt 2008-10-05 15:13:26
ComboFix3.txt 2008-10-05 01:31:15
ComboFix4.txt 2008-09-22 00:53:25
ComboFix5.txt 2008-10-05 16:26:22
Pre-Run: 30,733,098,496 bytes free
Post-Run: 30,684,529,664 bytes free
417 --- E O F --- 2008-09-11 03:34:02
Hi
Yes, let's do Kaspersky scan (and other remaining things on the list) at this point :)
well i did the kasperski and like i was worried about.. as soon as i went on line i think it went out and reloaded all the nasty stuff and its pretty well screwed up!!!:sad:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 06, 2008 13:05:11
Records in database: 1294374
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 53293
Threat name: 33
Infected objects: 1730
Suspicious objects: 0
Duration of the scan: 01:34:40
File name / Threat name / Threats count
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe/C:\Program Files\Intel\Wireless\Bin\EvtEng.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe/C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe/C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spoolsv.exe/C:\WINDOWS\system32\spoolsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Explorer.EXE/C:\WINDOWS\Explorer.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\System32\SCardSvr.exe/C:\WINDOWS\System32\SCardSvr.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe/C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Infected: Virus.Win32.Virut.br 1
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe/C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE/C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe/C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wlansta.exe/C:\WINDOWS\system32\wlansta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\System32\alg.exe/C:\WINDOWS\System32\alg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wscntfy.exe/C:\WINDOWS\system32\wscntfy.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\archos\TPPALDR.EXE Infected: Virus.Win32.Virut.br 1
C:\dl stuff\archos\TPPNTTRY.EXE Infected: Virus.Win32.Virut.br 1
C:\dl stuff\archos\TPPSTRAY.EXE Infected: Virus.Win32.Virut.br 1
C:\dl stuff\archos\TPPUN.EXE Infected: Virus.Win32.Virut.br 1
C:\dl stuff\archos\USBJBM.EXE Infected: Virus.Win32.Virut.br 1
C:\dl stuff\Autoruns\autoruns.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\Autoruns\autorunsc.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\DRTCP021.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\FELIX2.EXE Infected: Virus.Win32.Virut.br 1
C:\dl stuff\photos\new_hcwclear\hcwclear.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\photoshop\Photoshop CS2\Adobe DNG Converter\Adobe DNG Converter.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\setup.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\photoshop\Photoshop CS2\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\SlingPlayer_1.0.5.140_full\dx\dxsetup.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\stinger.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\TalkPCR3.0beta.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\uninstall_flash_player.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\winrar\Rar.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\winrar\RarExtLoader.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\winrar\Uninstall.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\winrar\UnRAR.exe Infected: Virus.Win32.Virut.br 1
C:\dl stuff\winrar\WinRAR.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0d96-2c4b2aae.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-4fa94485.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Administrator\Application Data\BitTorrent\incomplete\5f3cfb23-2d6f\unlocker\GarminUnlocker.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\Mail\mail.wwnet.net\edit Infected: Email-Worm.Win32.Myparty.a 1
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\Mail\mail.wwnet.net\Inbox Infected: Trojan-Downloader.JS.Iframe.sh 1
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\l0hnf070.slt\Mail\mail.wwnet.net\Inbox Infected: Trojan-Spy.Win32.Zbot.edw 2
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\404Fix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\AntiXPVSTFix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\dumphive.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\exit.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\GenericRenosFix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\HostsChk.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\IEDFix.C.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\IEDFix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\o4Patch.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Policies.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmiUpdate.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swreg.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swsc.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swxcacls.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\UIFix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\unzip.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\VACFix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\WS2Fix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator\Desktop\VundoFix.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ScanningProcess.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\Administrator\Local Settings\temp\set53.tmp Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem4642_symnet_4.7.3_english\Message.exe Infected: Virus.Win32.Virut.br 1
C:\Garmin\MapSource.exe Infected: Virus.Win32.Virut.br 1
C:\Garmin\UnlockWizard.exe Infected: Virus.Win32.Virut.br 1
C:\Garmin\WebUpdater\WebUpdater.exe Infected: Virus.Win32.Virut.br 1
C:\garmin updates\gpscomputerinterface\g7towin.exe Infected: Virus.Win32.Virut.br 1
C:\garmin updates\vis2.28\UPDATER.EXE Infected: Virus.Win32.Virut.br 1
C:\GenelinkUSBtransfercable\Genelink USB transfer cable\Genelink\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\GenelinkUSBtransfercable\Genelink USB transfer cable\Genelink\_ISDel.exe Infected: Virus.Win32.Virut.br 1
C:\Genesys Logic\USB File Transfer 1.11A\GeneLink.exe Infected: Virus.Win32.Virut.br 1
C:\OCR Eng v5.0\disk1\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\pcr1000\icom software\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\pcr1000\talkpcr\epromback\radiocom backup\SPCR.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Reader 9.0\Reader\LogTransport2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\CoverDesigner\CoverDes.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero\nero.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero\NeroCmd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero BackItUp\NBR.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Ahead\WMPBurn\WMPBurn.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\AlfaClock\AlfaClock.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\AOD\AolAod.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Audacity\audacity.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\template.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Ahead\Lib\specialoffer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\zipper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Nero\Uninstall\setupx.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Teleca Shared\DCU-11\UninstallDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Teleca Shared\DSS-20\Ftdiunin.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Teleca Shared\DSS-25\Ftdiunin.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Teleca Shared\Generic.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Teleca Shared\SequentialStarter.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Diamond Cut Productions\DCLive6 Demo\DCLive6Demo.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\DivX\DivX Codec\config.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\DivX\DivX Codec\DivX EKG.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\DivX\DivX Converter\Converter.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\DivX\DivX Player\DivX Player.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\FreeFTP\FreeFTP.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Garmin\xImage\xImage.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Gemplus\ReaderTools\Installer\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Genesys Logic\USB File Transfer 1.11A\GeneLink.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Google\Google Earth\googleearth.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Google\Google Earth\gpsbabel.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\GPLGS\gswin32c.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\GPSDiag\GPSDiag.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\HijackThis\hij.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{30348D0E-37F0-41EE-869B-F0441A87FFEC}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{3A4D8493-60C5-4051-8D2D-877FDF3E4346}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{45D39011-AD99-4980-ADF9-B8202173668D}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{5408344D-95C0-486A-9539-36EBBACADC68}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{5639BE8E-33DA-402A-B414-1FBED9CC50E1}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{6714CE3A-FEDD-497F-8072-C8A9A8E4F1DA}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{6DAA0AF0-3B51-4EE0-83CC-47A3582DFA51}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{93994589-6A13-49BE-8AF6-12AAC9A28529}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{B18C20D2-A3E9-422D-9136-99B5BDD6565D}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{DEEFA812-64A6-4083-BB38-87F68B6BA820}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\DrWiFi.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\iWrap.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\PfWizard.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Intel\Wireless\Drivers\SetupWLD.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\iexplore.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\java-rmi.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\java.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\javacpl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\keytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\kinit.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\klist.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\ktab.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\orbd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\pack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\policytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\rmid.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\rmiregistry.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\servertool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\ssvagent.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\tnameserv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.6.0_07\bin\unpack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\LandAirSea Systems\Past-Track\Past-Track.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\LandAirSea Systems\Past-Track\REGSVR32.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\LandAirSea Systems\Past-Track\UTracking.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\look angle calc\lookangl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\ltmoh\ltmoh.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Messenger\msmsgs.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Movie Maker\moviemk.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN\MsnInstaller\msninst.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Netflix\Netflix Movie Viewer\InstallChecker.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Netflix\Netflix Movie Viewer\ResetDRM.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\NetMeeting\cb32.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\NetMeeting\conf.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\NetMeeting\wb32.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Network Stumbler\NetStumbler.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\03EA7907 Infected: Trojan-Downloader.Win32.PurityScan.fy 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1B6279E0 Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1B6279E0 Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\303F4088 Infected: Trojan-Downloader.Win32.TSUpdate.n 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\33555A5A Infected: not-a-virus:AdWare.Win32.CommAd.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B8C0524 Infected: Trojan.Win32.Agent.anr 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\400D6A2F.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49B652B4 Infected: Rootkit.Win32.Agent.eq 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\53986DD3 Infected: Trojan-Downloader.Win32.VB.awj 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BCF0CC8 Infected: not-a-virus:AdWare.Win32.CommAd.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BD336C5 Infected: Trojan-Downloader.Win32.TSUpdate.o 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BD336C5 Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BE05EB6 Infected: Trojan-Downloader.Win32.TSUpdate.r 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BE308B3 Infected: Trojan-Downloader.Win32.TSUpdate.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\612A57DF Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\67E22BC9.htm Infected: Trojan-Downloader.VBS.Psyme.qh 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B45320D Infected: not-a-virus:AdWare.Win32.Agent.co 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B485C0A Infected: Trojan-Downloader.Win32.TSUpdate.l 1
C:\Program Files\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Outlook Express\oemig50.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Outlook Express\setup50.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Outlook Express\wab.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Outlook Express\wabmig.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\BRECAL\Brecal.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\BRECAL\rebootex.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\DMI\DMIVIEW.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\HotKey Appendix\hkeyapp.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\Hotkey Settings\HKEYSET.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\ienlarge\ChgTheme.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\ienlarge\ienlarge.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\Loupe\loupe.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\PCINFO\PcInfoBm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\PCINFO\SetDiag.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\SDKEY\SdKeyEnv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\SDKEY\SdStart.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Panasonic\WRITING\WRITING.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\PCRPro\PcrPro.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\PCRPro1\PcrPro.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\QuickTime\PictureViewer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\QuickTime\QTInfo.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\QuickTime\QTSystem\QTPluginInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\QuickTime\qttask.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\QuickTime\QuickTimePlayer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Real\RealPlayer\fixrjb.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Real\RealPlayer\realjbox.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Real\RealPlayer\rphelperapp.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\SatScape\SatScape.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\SatScape\wispdde.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\SIM editor\SimCardc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony\VRD-VCX\MpegCap.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Connection Wizard\ConnectionWizard.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\File Manager\dmassist.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\File Manager\FMObexServer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Networking Wizard\mnadmin.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Networking Wizard\mngui.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\caleditatl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\catcheventatl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\closedbgout.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\dbgout.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epm_util.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\setdbgout.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\setregsecurity.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Notifier\Notifier.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\PhoneInfo\PhoneInfo.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\DXP Pim.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\DXP SyncML.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\SyncController.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\SyncEngineApp.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\SyncIndicator.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\SyncMLDesktopServer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Sync Manager\SyncStarter.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Telecalib\Log Settings\LogSettings.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sony Ericsson\Mobile2\Tools\SyncDebug.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Spybot - Search & Destroy\SDFiles.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Spybot - Search & Destroy\SDShred.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Sun\OpenOffice.org Installer 1.0\ooostub.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\TalkPCR\TalkPCR.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Unlocker\Unlocker.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Unlocker\UnlockerAssistant.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\USAPhotoMaps\unzip.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\USAPhotoMaps\USAPhotoMaps.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\USB6800 Instant Drive\Application Software\Manager.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\USB6800 Instant Drive\Application Software\PassMan.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\USB6800 Instant Drive\Application Software\Startup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\USB6800 Instant Drive\Win98 Driver\DrvSetup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Winamp\winamp.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Winamp\winampa.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinAVIVideoConverter\WinAVI.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinAVIVideoConverter\WinAVIcmd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Connect 2\wmccds.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Connect 2\WMCCFG.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\migrate.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\mplayer2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\setup_wm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmdbexport.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmpenc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmplayer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmpnetwk.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmpnscfg.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmpshare.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows Media Player\wmsetsdk.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows NT\Accessories\wordpad.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows NT\dialer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows NT\hypertrm.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Windows NT\Pinball\pinball.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinRAR\Rar.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinRAR\RarExtLoader.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinRAR\Uninstall.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinRAR\UnRAR.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinRAR\WinRAR.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\amcap.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\exec.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\hcwclear.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\Primary.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\prodinfo.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\UNTV32.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\WinTV\WinTV2K.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\ZD Soft\Video Recorder\instdrv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\ZD Soft\Video Recorder\vrecorder.exe Infected: Virus.Win32.Virut.br 1
C:\QooBox\Quarantine\C\WINDOWS\system32\14.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\17.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\1D.tmp.vir Infected: Backdoor.Win32.Frauder.fk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\21.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\25.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\2A.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\2B.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\2D.tmp.vir Infected: Backdoor.Win32.Frauder.fk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\33.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\34.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\39.tmp.vir Infected: Backdoor.Win32.Frauder.fk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\3E.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\3F.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\43.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\44.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\48.tmp.vir Infected: Backdoor.Win32.Frauder.fk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\4B.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\4C.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\51.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\52.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\57.tmp.vir Infected: Backdoor.Win32.Frauder.fk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\6.tmp.vir Infected: Backdoor.Win32.IRCBot.gbn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\60.tmp.vir Infected: Backdoor.Win32.Frauder.fk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\60ws.exe.vir Infected: Virus.Win32.Virut.br 1
C:\QooBox\Quarantine\C\WINDOWS\system32\68.tmp.vir Infected: Trojan-Downloader.Win32.Small.aeaq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\7.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\7E.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\awvts.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\B2.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\C4.tmp.vir Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\C7.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ati1ttxxx.sys.vir Infected: Trojan-Spy.Win32.Goldun.baf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\F.tmp.vir Infected: Backdoor.Win32.Frauder.ib 1
C:\QooBox\Quarantine\C\WINDOWS\system32\FPapli.exe.vir Infected: Virus.Win32.Virut.br 1
C:\QooBox\Quarantine\C\WINDOWS\system32\inf\TNP43I46.exe.vir Infected: Trojan-Clicker.Win32.Agent.dne 1
C:\QooBox\Quarantine\C\WINDOWS\system32\netrp.sys.vir Infected: Trojan-Spy.Win32.Goldun.baf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\np5\sfeth112.exe.vir Infected: Virus.Win32.Virut.br 1
C:\QooBox\Quarantine\C\WINDOWS\system32\p\xerd2140.exe.vir Infected: Virus.Win32.Virut.br 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sstqp.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\catchme-foreign-3110-netprp.dll.zip Infected: Trojan-Spy.Win32.Goldun.bae 1
C:\rttydecode\1\HamScope.exe Infected: Virus.Win32.Virut.br 1
C:\ScanWizard 5 v6.30\Disk1\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\TalkPCR\TalkPCR.exe Infected: Virus.Win32.Virut.br 1
C:\TalkPCR\TALKPCR3\TalkPCR3.exe Infected: Virus.Win32.Virut.br 1
C:\util\brecal\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\chgdisp\CHGDISP.exe Infected: Virus.Win32.Virut.br 1
C:\util\chgdisp\cpcald.exe Infected: Virus.Win32.Virut.br 1
C:\util\chkgps\tools\CheckDev.exe Infected: Virus.Win32.Virut.br 1
C:\util\chksc\tools\CheckDev.exe Infected: Virus.Win32.Virut.br 1
C:\util\chkts\tools\CheckDev.exe Infected: Virus.Win32.Virut.br 1
C:\util\chkwlan\tools\CheckDev.exe Infected: Virus.Win32.Virut.br 1
C:\util\chkwlan\tools\ClearAppEvtLog.exe Infected: Virus.Win32.Virut.br 1
C:\util\cpupower\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\dmi\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\hotkey\hkeyman.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\modem\agrsmdel.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\modem\AGRSMhom.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\modem\LtMoh.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\modem\setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\mouse\Calwin.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\mouse\Event.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\mouse\Fidmouu.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\mouse\FPapli.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\mouse\Fpchase.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\mouse\Tprbtn.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\sound\WDM\fastinstall.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\sound\WDM\fi.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Win2000\hkcmd.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Win2000\igfxcfg.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Win2000\igfxdiag.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Win2000\igfxext.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Win2000\igfxtray.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\video\Win2000\igfxzoom.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\wlan\Docs\iULaunch.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\wlan\proset\iProData\iconvrtr.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\wlan\proset\iProInst.exe Infected: Virus.Win32.Virut.br 1
C:\util\drivers\wlan\SetupWLD.EXE Infected: Virus.Win32.Virut.br 1
C:\util\hkeyapp\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\hkeyset\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\ienlarge\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\loupe\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\pcinfo\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\prunonce\PRunOnce.exe Infected: Virus.Win32.Virut.br 1
C:\util\sdkey\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\wlansw\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\writing\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\util\wswitch\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\antennastuff\HelixCalc.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\antennastuff\QHA\qhamatch.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\antennastuff\yagi.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\qha.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\qhamatch.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\satscape\SatScape.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\satsignal\SatSignal.exe Infected: Virus.Win32.Virut.br 1
C:\weathersat stuff\wxtrack\WXtrack.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB890047\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB890047\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB890175\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB890175\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB931836\SP2QFE\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\admin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ahui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\alg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\asr_fmt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\asr_pfu.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\at.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\attrib.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\auditusr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\author.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\blastcln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\bootcfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cacls.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cipher.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\comrereg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\conf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\conime.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\cscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\davcdata.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dcomcnfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\defrag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dialer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\diantz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\driverquery.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\drvqry.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\evcreate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\eventcreate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\eventtriggers.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\evtrig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\findstr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fltmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fontview.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\forcedos.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fsquirt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\getmac.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\gprslt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\help.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\hh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\iisrstas.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\imapi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\inetin51.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\locator.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\logman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\logon.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\logonui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\lsass.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\magnify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\makecab.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\migload.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mqbkup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mqsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mqtgsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mshta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msimn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\msoobe.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\narrator.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\net.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\net1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\netdde.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\netsh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\netstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ntbackup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\openfiles.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\opnfiles.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\osk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\packager.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\pinball.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ping.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\powercfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\progman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\proquota.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\proxycfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rcp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\reg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rsh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rsnotify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\runonce.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\savedump.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\schtasks.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sctasks.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\secedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\services.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sethc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\setup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\setup50.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\shtml.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\skeys.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\smbinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\snmp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sort.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\spider.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\spiisupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\spnpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\stimon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sysinfo.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\systeminfo.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\taskkill.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tasklist.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\telnet.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tlntadmn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tlntsess.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tlntsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tracerpt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tracert.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\ups.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\utilman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\verclsid.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wab.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\winver.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wmic.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\wuauclt1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB887626$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB896358$\hh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB896428$\telnet.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB933360$\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB933566$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB937143$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB939653$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB942615$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB944533$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB947864$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB950759_0$\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB951978$\cscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallKB951978$\wscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\agrsmdel.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Ddcheck.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\DOTNETFX\DELTEMP.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\DOTNETFX\REBOOTST.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\iTunesSetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\erdnt\subs\ERDNT.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\explorer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\fdsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\grep.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\hh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\EXPAND.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\FAXPATCH.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\NETSETUP.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\NTSD.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\REGEDIT.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\SPNPINST.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\SYSPARSE.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\TELNET.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\WIN9XMIG\FAX\AWDVSTUB.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\WIN9XMIG\MAPI\DLL\MKNTFRMCACHE.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\I386\WINNT32.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\inf\unregmp2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\iProData\iconvrtr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\iProInst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{004B0DCB-4C60-465B-8F01-44B0A4111187}\NewShortcut3_004B0DCB4C60465B8F0144B0A4111187.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{004B0DCB-4C60-465B-8F01-44B0A4111187}\SlingPlayer.exe11_1A1E3AC99C164779B2618A033937AA5E.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{004B0DCB-4C60-465B-8F01-44B0A4111187}\SlingPlayer.exe1_1A1E3AC99C164779B2618A033937AA5E.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{004B0DCB-4C60-465B-8F01-44B0A4111187}\SlingPlayer.exe21_1A1E3AC99C164779B2618A033937AA5E.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{004B0DCB-4C60-465B-8F01-44B0A4111187}\SlingPlayer.exe2_1A1E3AC99C164779B2618A033937AA5E.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{54221816-138B-4F68-A9C3-C7A2F0AA9277}\NewShortcut1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}\_542830EA6FE6_4FFC_94F9_C86E629E90BC.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\cagicon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\misc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\mspicons.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\oisicon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\opwicon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\pubs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\icon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\IsUninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\msagent\agentsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\mui\muisetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\network diagnostic\xpnetdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\Nircmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\notepad.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\regedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\sed.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\accwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\actmovie.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\admin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ahui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\alg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\at.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\atmadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\attrib.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\auditusr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\author.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\blastcln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\bootcfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cacls.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\caspol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cipher.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cisvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cmstp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\comrepl.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\comrereg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\conf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\conime.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\csc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\cscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\davcdata.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dcomcnfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\defrag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dialer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\diantz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\diskpart.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dllhost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dmremote.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\drvqry.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dumprep.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dwwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\evcreate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\evntwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\evtrig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\explorer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\extrac32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\findstr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fltmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fontview.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\forcedos.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fpcount.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ftp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fxscover.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\getmac.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\gprslt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\grpconv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\help.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\helpctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\hh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\hscupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ieexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\iexpress.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\iisrstas.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ilasm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\imapi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\inetin51.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\installutil.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ipv6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ipxroute.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\irftp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\jsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\imscinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lhmstsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\locator.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\logman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\logon.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\logonui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\lsass.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\magnify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\makecab.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\migload.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\migregdb.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\migwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\migwiza.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mmcperf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mnmsrvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mobsync.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\moviemk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mplay32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mqbkup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mqsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mqtgsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msconfig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msdtc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mshta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msiexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msimn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msiregmv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\msoobe.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mspaint.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mstinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\mtstocom.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\muisetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\napstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\narrator.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\net.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\net1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\netdde.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\netsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\netsh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\netstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ngen.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\notepad.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\nppagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\nslookup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ntbackup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\oemig50.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\oobebaln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\opnfiles.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\osk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\packager.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\perfmon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\pinball.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ping.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\powercfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\progman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\proquota.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\proxycfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\qprocess.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rasphone.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rcimlby.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rcp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rdsaddin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rdshost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\reg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\regasm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\regedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\regsvcs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rsh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rsnotify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rstrui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rtcshare.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\runonce.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\savedump.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\scardsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\scrcons.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sctasks.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sdbinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\secedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\services.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sethc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\setup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\setup50.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\setupn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\shmgrate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\shrpubw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\shtml.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\shutdown.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sigverif.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\skeys.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\slrundll.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\slserv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\smbinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\smi2smir.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\snmp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sort.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\spdwnwxp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\spider.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\spiisupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\spnpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\spupdwxp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ssmypics.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sspipes.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ssstars.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\stimon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\svchost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\sysocmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\taskkill.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tasklist.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tcptest.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\telnet.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tlntadmn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tlntsess.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tlntsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tourstrt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tp4mon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tracerpt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tracert.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\uploadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\upnpcont.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\ups.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\userinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\utilman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\vbc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\verclsid.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\vssvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wab.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wabmig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wbemtest.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wextract.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wiaacmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\winhlp32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\winver.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wmiadap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wmic.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wordpad.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wpabaln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wpnpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\wuauclt1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\xcopy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\i386\xpnetdg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ServicePackFiles\ServicePackCache\i386\msmsgs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\slrundll.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ST5UNST.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\ST6UNST.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\SUPPORT\TOOLS\FASTWIZ.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\SUPPORT\TOOLS\GBUNICNV.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\SUPPORT\TOOLS\MSRDPCLI.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\SUPPORT\TOOLS\SETUP.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\swreg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\SWSC.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\swxcacls.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\153.tmp Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\WINDOWS\system32\17A.tmp Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\WINDOWS\system32\404Fix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\5A.tmp Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\WINDOWS\system32\5B.tmp Infected: Backdoor.Win32.Frauder.ib 1
C:\WINDOWS\system32\64.tmp Infected: Trojan-Spy.Win32.Zbot.fbu 1
C:\WINDOWS\system32\65.tmp Infected: Backdoor.Win32.Frauder.ib 1
C:\WINDOWS\system32\accwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\actmovie.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\agrsmdel.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ahui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\alg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\AntiXPVSTFix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\arp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\asr_fmt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\asr_ldm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\asr_pfu.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\at.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\atmadm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\attrib.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\auditusr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\blastcln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\blphc74sj0e34c.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\bootcfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\bootok.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\bootvrfy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cacls.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\calc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Calwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\charmap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\chkdsk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\chkntfs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cidaemon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cipher.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cisvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ckcnv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cleanmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cliconfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\clipbrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\clipsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cmdl32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cmmon32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cmstp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Com\comrepl.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Com\comrereg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\comp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\compact.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\comsdupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\conime.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\control.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\convert.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\cscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ctfmon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dcomcnfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ddeshare.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\defrag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dfrgfat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dfrgntfs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\diantz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\diskpart.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\diskperf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\DivXsm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\arp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\asr_ldm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\bckgzm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\bootok.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\bootvrfy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\calc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\cb32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\change.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\charmap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\chglogon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\chgport.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\chgusr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\chkdsk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\chkntfs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\chkrzm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\cidaemon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\ckcnv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\comp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\compact.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\control.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\convert.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\convlog.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\cprofile.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\cscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\diskperf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\dllhst3g.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\doskey.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\drwtsn32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\esentutl.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\eventvwr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\expand.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\fc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\find.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\finger.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\fixmapi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\flattemp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\freecell.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\fsutil.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\fxssend.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\gpupdate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\helphost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\hostname.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\hrtzzm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\icwtutor.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\iisreset.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\iissync.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\inetmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\ipsec6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\isignup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\label.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\lights.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\lnkstub.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\lodctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\logagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\logoff.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\lpq.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\lpr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\migisol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\migrate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\migwiz_a.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mountvol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mplay32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mplayer2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mpnotify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mrinfo.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\msg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mshearts.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\msinfo32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\msswchx.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\mstsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\nbtstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\notiflag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\ntsd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\nwscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\osuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\pathping.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\pentnt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\ping6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\print.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\qappsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\query.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\quser.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\qwinsta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rasautou.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rasdial.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\recover.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\regedt32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\regini.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\register.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\regwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\relog.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\replace.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\reset.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\route.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\routemon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rsm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rsmsink.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rsmui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rsopprov.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rsvp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\runas.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rvsezm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\rwinsta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\sapisvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\sc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\setup_wm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\sfc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\shadow.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\shvlzm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\sndvol32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\sol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\srdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\subst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\syncapp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\syskey.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\systray.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\taskman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tcmsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tcpsvcs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tftp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tracert6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tscon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tscupgrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tsdiscon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tskill.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tsprof.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\tsshutdn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\twunk_32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\typeperf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\unlodctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\unregmp2.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\unsecapp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\verifier.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\vssadmin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\w32tm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\wb32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\winhstb.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\winmgmt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\winmine.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\winmsd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\wmplayer.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\write.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\wscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\wupdmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllcache\zclientm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllhost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dllhst3g.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dmadmin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dmremote.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\doskey.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dplaysvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dpnsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dpvsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\driverquery.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\drmupgds.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\drwtsn32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dumphive.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dumprep.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dvdplay.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dvdupgrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dwwin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\dxdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\esentutl.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\eudcedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Event.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\eventcreate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\eventtriggers.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\eventvwr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\expand.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\extrac32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\faxpatch.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\fc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Fidmouu.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\find.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\findstr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\finger.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\fixmapi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\fltmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\fontview.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\forcedos.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Fpchase.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\freecell.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\fsquirt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\fsutil.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ftcunin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\FTDIUNIN.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ftp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\gemstrmw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\getmac.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\gpresult.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\gpupdate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\grpconv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\help.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\hkcmd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\HKEYMAN.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\hostname.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ie4uinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\IEDFix.C.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\IEDFix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\iexpress.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\igfxcfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\igfxdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\igfxext.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\igfxtray.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\igfxzoom.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\imapi.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ipconfig.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ipsec6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ipv6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ipxroute.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\java.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\javaw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\javaws.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\label.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\lasunin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\lights.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\lnkstub.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\locator.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\lodctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\logagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\logman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\logoff.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\logon.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\logonui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\lpq.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\lpr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\magnify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\makecab.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\migpwd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mmc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mmcperf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mnmsrvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mobsync.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mountvol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mplay32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mpnotify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mqbkup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mqsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mqtgsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mrinfo.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\msdtc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\msg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mshearts.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mshta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\msiexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mspaint.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\msswchx.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mstinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\mstsc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\napstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\narrator.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\nbtstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\nddeapir.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\NeroCheck.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\net.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\net1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\netdde.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\netsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\netsh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\netstat.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\notepad.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\npp\nppagent.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\nslookup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ntbackup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ntsd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ntvdm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\nwscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\o4Patch.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\odbcad32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\odbcconf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\oobe\msoobe.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\oobe\oobebaln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\openfiles.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\osk.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\osuninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\packager.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\pathping.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\pentnt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\perfmon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ping.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ping6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\powercfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\print.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Process.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\progman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\proquota.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\proxycfg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\qappsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\qprocess.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\qwinsta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rasautou.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rasdial.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rasphone.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rcimlby.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rcp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rdpclip.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rdsaddin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rdshost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\recover.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\reg.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\regedt32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\regini.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\regsvr32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\regwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\relog.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\replace.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\reset.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Restore\rstrui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Restore\srdiag.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rexec.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\route.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\routemon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsh.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsmsink.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsmui.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsnotify.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsopprov.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rsvp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rtcshare.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\runas.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rundll32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\runonce.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\rwinsta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\savedump.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\scardsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\schtasks.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\scrnsave.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sdbinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\secedit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sessmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sethc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\setup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\setupn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sfc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\shadow.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\shmgrate.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\shrpubw.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\shutdown.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sigverif.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\skeys.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\slrundll.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\slserv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\smbinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\smlogsvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sndrec32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sndvol32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sol.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sort.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spdwnwxp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spider.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spiisupd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spnpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spoolsv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\spupdwxp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ss3dfo.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ssbezier.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ssflwbox.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ssmarque.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ssmypics.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ssmyst.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sspipes.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ssstars.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sstext3d.scr Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\stimon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\subst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\syncapp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\syskey.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\sysocmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\systeminfo.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\systray.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\taskkill.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tasklist.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\taskman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\taskmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tcmsetup.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tcpsvcs.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\telnet.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tftp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tlntadmn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tlntsess.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tlntsvr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tourstart.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\Tprbtn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tracerpt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tracert.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tracert6.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tscon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tscupgrd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tsdiscon.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tskill.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tsshutdn.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\typeperf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\tzchange.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\unlodctr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\upnpcont.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\ups.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\URTTemp\regtlib.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\userinit.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usmt\migload.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usmt\migwiz.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usmt\migwiza.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usmt\migwiz_a.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usrmlnka.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usrprbda.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\usrshuta.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\utilman.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\uwdf.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\VACFix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\verclsid.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\verifier.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\vssadmin.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\vssvc.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\w32tm.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\mofcomp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\scrcons.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\unsecapp.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\wbemtest.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\winmgmt.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\wmiadap.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\wmiapsrv.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\wmic.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wbem\wmiprvse.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wdfmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wextract.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wiaacmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\winhlp32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\winmine.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\winmsd.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\winver.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\WLANSTA.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wpabaln.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wpdshextautoplay.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wpnpinst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\write.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\WS2Fix.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wscntfy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wscript.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wuauclt1.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\WudfHost.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\wupdmgr.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\system32\xcopy.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\TASKMAN.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\temp\.tt154.tmp.vbs Infected: Backdoor.Win32.Frauder.eo 1
C:\WINDOWS\temp\.tt158.tmp Infected: not-a-virus:FraudTool.Win32.Devushka.ae 1
C:\WINDOWS\temp\.tt158.tmp.exe Infected: not-a-virus:FraudTool.Win32.Devushka.ae 1
C:\WINDOWS\twunk_32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\uninst.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\MGMT\IAS\IASNT4.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\MGMT\PBA\PBAINST.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\NET\TOOLS\TTCP.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\USMT\ANSI\SCANSTATE.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\USMT\LOADSTATE.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\USMT\SCANSTATE.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VALUEADD\MSFT\USMT\SCANSTATE_A.EXE Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\VFind.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\winhlp32.exe Infected: Virus.Win32.Virut.br 1
C:\WINDOWS\zip.exe Infected: Virus.Win32.Virut.br 1
E:\ATF-Cleaner.exe Infected: Virus.Win32.Virut.br 1
The selected area was scanned.
I've got very bad news for you :sad:
The infection you have is one of the worst, Virut (http://www.avast.com/eng/win32-virut.html). It infects all existing exe files making survival possibilities very minimal or almost impossible. I recommended reformatting when I first saw your hjt log in the beginning of this topic. Now it seems there isn't any other choice left.
there is nothing that can be done?
if i can get inside is it safe to get things off before reformatting (as long as they aren't .exe's)? like bookmarks emails addresses etc.
there is nothing that can be done?
No. Unfortunately this infection has done too much damage in your system.
If i can get inside is it safe to get things off before reformatting (as long as they aren't .exe's)? like bookmarks emails addresses etc.
You can make backup. Remember though that you can't backup .exe and .scr files and exe within archive files (for example zip and rar).
Im thinking to just copy files to an sd card so i can return them after reformatting
Ok. Just remember what I told you about files suitable for backuping.
Thanks blade,
i did the malwarebytes in safe mode and it got it back to being useable (as long as i don't connect to the net) so i should be able to get most of the stuff i need. reassure me that this thing won't be attached to anything other than exe's or scr's right?
reassure me that this thing won't be attached to anything other than exe's or scr's right?
And those rar & zip archives that contain exe files as mentioned earlier. I wish you good luck with backuping & reformatting.
Thanks for trying! i'm now working to find all the stuff that got erased.
i think i forgot a bunch of stuff when i reformatted:sad: but thats life!
at least i'll learn more about the inner workings of my browser trying to restore the bazillion things i forgot about!
thanks again,
RTV
sometimes you get the bear...sometimes the bear gets you!
(i got mauled)
You're welcome though I'm sorry that couldn't help you without reformat. I wish you safer computer time in the future! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.