Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Outerinfo and Sakora, unable to remove [CLOSED]


  • This topic is locked This topic is locked

#16
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to delete:
C:\WINDOWS\mrofinu1001186.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | runner1

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .




NEXT


Lets run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient






Please post the following logs in your next reply... Post each log in separate post..

1. The Avenger
2. Kaspersky Webscanner
3. A fresh DSS log (after F-Secure step)



Regards
fenzodahl512

Edited by fenzodahl512, 25 July 2008 - 08:17 AM.

  • 0

Advertisements


#17
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\mrofinu1001186.exe" deleted successfully.

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|runner1"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|runner1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
  • 0

#18
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Deckard's System Scanner v20071014.68
Run by Megan MacDonald on 2008-07-27 16:03:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Megan MacDonald.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Documents and Settings\Megan MacDonald\Desktop\dss.exe
C:\DOCUME~1\MEGANM~1\Desktop\Megan MacDonald.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C28323133A9D26033AAC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrgSync.exe] C:\Program Files\Storage\StorageSync\StrgSync.exe -w
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpeedRunner] C:\Documents and Settings\Megan MacDonald\Application Data\SpeedRunner\SpeedRunner.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [kruo] C:\PROGRA~1\COMMON~1\kruo\kruom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198207144984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198207138687
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6489 bytes

-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 15:12:57 0 d-------- C:\fsaua.data
2008-07-27 15:07:59 44544 -ra------ C:\WINDOWS\mrofinu1001186.exe
2008-07-27 11:08:10 94208 --a------ C:\WINDOWS\grswptdl.exe
2008-07-25 16:41:29 0 d-------- C:\Program Files\Webtools
2008-07-25 07:50:38 0 d-------- C:\Documents and Settings\Megan MacDonald\Application Data\Malwarebytes
2008-07-25 07:50:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 07:50:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 22:11:52 0 dr-hs---- C:\cmdcons
2008-07-23 22:11:37 0 d-------- C:\WINDOWS\setupupd
2008-07-23 19:46:14 75264 --a------ C:\WINDOWS\zip.exe
2008-07-23 19:46:14 60996 --a------ C:\WINDOWS\VFind.exe
2008-07-23 19:46:14 219648 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 19:46:14 144896 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 19:46:14 169472 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 19:46:14 105984 --a------ C:\WINDOWS\sed.exe
2008-07-23 19:46:14 87580 --a------ C:\WINDOWS\grep.exe
2008-07-23 19:46:14 97696 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-23 13:20:46 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-07 22:10:37 0 d-------- C:\WINDOWS\ERUNT
2008-07-06 20:38:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-06 20:38:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-07-06 18:38:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-07-06 17:51:09 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-06 17:40:29 0 d-------- C:\Documents and Settings\Megan MacDonald\Application Data\Google
2008-07-06 17:40:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2008-07-27 14:52:44 0 d-------- C:\Documents and Settings\Megan MacDonald\Application Data\LimeWire
2008-07-27 14:41:10 0 d-------- C:\Program Files\Common Files
2008-07-25 16:47:42 0 d-------- C:\Program Files\Security
2008-07-20 02:28:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-06 17:55:28 0 d-------- C:\Program Files\Google
2008-06-26 16:44:37 0 d-------- C:\Documents and Settings\Megan MacDonald\Application Data\Macromedia
2008-06-22 20:16:53 0 d-------- C:\Program Files\Picasa2
2008-06-20 14:39:35 0 d-------- C:\Documents and Settings\Megan MacDonald\Application Data\Leadertech
2008-06-20 14:37:43 0 d-------- C:\Documents and Settings\Megan MacDonald\Application Data\Adobe
2008-06-19 20:18:04 0 d-------- C:\Program Files\LimeWire
2008-06-19 17:22:43 2042 --a------ C:\WINDOWS\mozver.dat
2008-06-17 09:03:29 0 d-------- C:\Program Files\Trillian
2008-06-17 08:44:12 0 d-------- C:\Program Files\iPod
2008-06-17 08:43:40 0 d-------- C:\Program Files\music
2008-06-17 08:42:13 0 d-------- C:\Program Files\QuickTime
2008-06-02 06:21:16 0 d-------- C:\Program Files\Modem Helper
2008-06-02 06:18:13 0 d-------- C:\Program Files\FileZilla


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/21/2007 02:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/02/2006 01:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/02/2006 01:32]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [07/23/2008 15:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00]
"StrgSync.exe"="C:\Program Files\Storage\StorageSync\StrgSync.exe" [12/21/2007 00:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mjc"=C:\Program Files\mjc\mjc.exe
"SpeedRunner"=C:\Documents and Settings\Megan MacDonald\Application Data\SpeedRunner\SpeedRunner.exe
"kruo"=C:\PROGRA~1\COMMON~1\kruo\kruom.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\DVD Drive\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\music\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\DVD Drive\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
C:\Program Files\Storage\StorageSync\StrgSync.exe -w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPod Service"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"wscsvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59044394-427c-11dd-b184-0013ce2abbb4}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e44adc7a-552c-11dd-b191-0013ce2abbb4}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-07-27 16:03:56 ------------
  • 0

#19
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
F-Secure online Scan would not work - said download file corrupt so I cannot post Kaspersky Webscanner log...
  • 0

#20
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
For some reason, you are getting re-infected.. Tell me, do you use any flashdrive, external hard disk? It probably infected from there..


Please save this instruction into Notepad or Ms-Word as you will need to go into Safe Mode..


Please download these programs and save it to your Desktop.. Don't do anything yet.. We will run them in Safe Mode..

1. Dr.Web CureIt
2. AVPTool by Kaspersky


Now, Please reboot into Safe Mode


Within Safe Mode, OTMoveIt2 step..

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\mjc
    C:\Program Files\Common Files\kruo
    C:\WINDOWS\mrofinu.exe
    C:\WINDOWS\mrofinu*.*
    C:\WINDOWS\grswptdl.exe
    C:\Documents and Settings\Megan MacDonald\Application Data\SpeedRunner
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1
    HKEY_USERS\.default\software\microsoft\windows\currentversion\run\\mjc
    HKEY_USERS\.default\software\microsoft\windows\currentversion\run\\SpeedRunner
    HKEY_USERS\.default\software\microsoft\windows\currentversion\run\\kruo
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59044394-427c-11dd-b184-0013ce2abbb4}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e44adc7a-552c-11dd-b191-0013ce2abbb4}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Still within Safe Mode.. Dr.Web CureIt step..
  • Once you are in Safe Mode, double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.




NEXT


Still in Safe Mode... AVPTool step..
  • Once you are in Safe Mode, double click the setup file to run and install it.
  • By default it will install to your Desktop (as Kaspersky Lan Tool folder)
  • A Kaspersky Virus Removal Tool window will open. There will be a tab that says Automatic Scan.
  • Under Automatic Scan make sure these are checked.
    • [1.] System Memory
      [2.] Startup Objects
      [3.] Disk Boot Sectors.
      [4.] My Computer.
      [5.] Also any other drives (Removable that you may have)
  • Then click on Scan button.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized, then chooose the Delete option when prompted.
  • After that is done click on the Report button at the bottom and save it to file name as Kas.
  • Save it somewhere convenient like your Desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected list. Post those results in your next reply.
  • When you close the AVPTool, you will be asked to uninstall the program.. Choose Yes..


Please post the following logs in your next reply.. Please post each log in separate post...

1. OTMoveIt2
2. Dr.Web Cure-It
3. AVPTool (the Detected items only
4. Reboot into Normal Mode and post me a fresh DSS log in your next reply...


Regards
fenzodahl512
  • 0

#21
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
For some odd reason OTMoveIt2 wouldn't work...

Attached to this one is Dr. Web results...

Attached Files


  • 0

#22
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Attached is AVP Tool Detected Items list (for some reason I could neither just input dr.web or avp straight into reply)

Attached Files

  • Attached File  avp.txt   157.36KB   208 downloads

  • 0

#23
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
And as I try to copy and paste DSS log, the log will not paste...this is very peculiar...attached is dss log

Attached Files

  • Attached File  main.txt   14.43KB   150 downloads

  • 0

#24
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. logs from Dr.Web suggested you have Virut infection.. This is extremely bad..


Before we remove any bad files, I will need you to do a scan with Kaspersky Webscanner just to look how much it infected your system.. Please do the following...


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Regards
fenzodahl512
  • 0

#25
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 29, 2008 15:04
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/07/2008
Kaspersky Anti-Virus database records: 1023241
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 120631
Number of viruses found: 17
Number of infected objects: 865
Number of suspicious objects: 0
Duration of the scan process: 02:39:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip/mrofinu.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl3.zip/b103.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl4.zip/b116.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl6.zip/b103.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl7.zip/b116.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl8.zip/b157.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1560OinAdmin.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1560OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1560OinUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip ZIP: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\cert8.db Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\foxmarks.log Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\history.dat Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\key3.db Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\parent.lock Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Application Data\Mozilla\Firefox\Profiles\zcr5nzyd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\temp\~DF2793.tmp Object is locked skipped
C:\Documents and Settings\Megan MacDonald\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Megan MacDonald\ntuser.dat Object is locked skipped
C:\Documents and Settings\Megan MacDonald\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Media\VideoLAN\VLC\http\index.html Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Media\VideoLAN\VLC\http\mosaic.html Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Media\VideoLAN\VLC\http\old\admin\index.html Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Media\VideoLAN\VLC\http\vlm.html Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Modem Helper\Template.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Column With Contents.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Frequently Asked Questions.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Left-aligned Column.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Personal Web Page.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Right-aligned Column.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Simple Layout.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Office\Templates\1033\Table of Contents.htm Infected: Trojan-Clicker.HTML.IFrame.mu skipped
C:\Program Files\Picasa2\web\templates\blackfrm\footer.html Infected: Worm.Win32.Mefir.p skipped
C:\Program Files\Picasa2\web\templates\greyfrm\footer.html Infected: Worm.Win32.Mefir.p skipped
C:\Program Files\Picasa2\web\templates\whitefrm\footer.html Infected: Worm.Win32.Mefir.p skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winfo22.sys.zip/Winfo22.sys Infected: Trojan-Downloader.Win32.Mutant.aim skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winfo22.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lanmandrv.sys.vir Infected: Backdoor.Win32.Qmop.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lanmanwrk.exe.vir Infected: Backdoor.Win32.Qmop.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.are skipped
C:\SDFix\backups\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\SDFix\backups\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups\backups.zip/backups/b152.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip/backups/b155.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip/backups/b156.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip/backups/b157.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip/backups/mjc.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip/backups/mrofinu1001186.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip/backups/Sakora.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups\backups.zip ZIP: infected - 11 skipped
C:\SDFix\backups_old\backups.zip/backups/17PHolmes1001186.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/AutoUpdateWin32.exe Infected: not-a-virus:AdWare.Win32.Agent.ed skipped
C:\SDFix\backups_old\backups.zip/backups/AutoUpdateWin33.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\SDFix\backups_old\backups.zip/backups/b103.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\SDFix\backups_old\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups_old\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups_old\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups_old\backups.zip/backups/b116.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b148.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b152.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b155.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b156.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b157.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/b159.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/dimnet201.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/iDlo041066.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/mrofinu1001186.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/mrofinu1001186.exe.tmp Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/Sakora.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\backups_old\backups.zip/backups/TGbn1dll.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped
C:\SDFix\backups_old\backups.zip/backups/TGbn1dll.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped
C:\SDFix\backups_old\backups.zip/backups/TGbn1dll.exe Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped
C:\SDFix\backups_old\backups.zip/backups/WindowsUpdates.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\SDFix\backups_old\backups.zip ZIP: infected - 24 skipped
C:\SDFix\backups_old\HOSTS Infected: Trojan.Win32.Qhost.akg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP195\A0061999.exe Infected: Trojan-Downloader.Win32.Agent.tkz skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP198\A0062210.dll Infected: Trojan.Win32.BHO.dfd skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP199\A0062506.exe Infected: Trojan-Downloader.Win32.Agent.tkz skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP200\A0063611.exe Infected: Trojan-Downloader.Win32.Agent.tkz skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP200\A0063675.exe Infected: Trojan-Downloader.Win32.Agent.tkz skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074361.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074362.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074363.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074364.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074365.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074366.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074367.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074368.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074369.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074370.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074371.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074372.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074373.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074374.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074375.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074376.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074377.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074378.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074379.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074380.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074381.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074382.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074383.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074384.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074385.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074386.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074387.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074388.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074389.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074390.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074391.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074392.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074393.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074394.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074395.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074396.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074397.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074398.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074399.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074400.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074401.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074402.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074403.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074404.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074405.EXE Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074406.EXE Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074407.EXE Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074408.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074409.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074410.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074411.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074412.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074413.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074414.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074415.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074416.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074417.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074418.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074419.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074420.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074421.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074422.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074423.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074424.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074425.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074426.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074427.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074428.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074429.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074430.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074431.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074432.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074433.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074434.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074435.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074436.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074437.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074438.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074439.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074440.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074441.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074442.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074443.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074444.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074445.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074446.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074447.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074448.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074449.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074450.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074451.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074452.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074453.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074454.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074455.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074456.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074457.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074458.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074459.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074460.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074461.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074462.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074463.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074464.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074465.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074466.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074467.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074468.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074469.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074470.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074471.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074472.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074473.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074474.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074475.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074476.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074477.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074478.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074479.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074480.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074481.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074482.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074483.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074484.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074485.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074486.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074487.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074488.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074489.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074490.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074491.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074492.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074493.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074494.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074495.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074496.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074497.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074498.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074499.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074500.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074501.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074502.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074503.EXE Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074504.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074505.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074506.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074507.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074508.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074509.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074510.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074511.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074512.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074513.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074514.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074515.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074516.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074517.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074518.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074519.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074520.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074521.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074522.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074523.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074524.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074525.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074526.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074527.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074528.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074529.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074530.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074531.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074532.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074533.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074534.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074535.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074536.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074537.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074538.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074539.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074540.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074541.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074542.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074543.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074544.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074545.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074546.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074547.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074548.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074549.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074550.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074551.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074552.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074553.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074554.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074555.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074556.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074557.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074558.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074559.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074560.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074561.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074562.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074563.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074564.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074565.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074566.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074567.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074568.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074569.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074570.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074571.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074572.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074573.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074574.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074575.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074576.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074577.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074578.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074579.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074580.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074581.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074582.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074583.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074584.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074585.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074586.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074587.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074588.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074589.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074590.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074591.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074592.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074593.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074594.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074595.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074596.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074597.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074598.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074599.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074600.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074601.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074602.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074603.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074604.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074605.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074606.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074607.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074608.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074609.scr Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074610.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074611.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074612.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074613.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074614.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074615.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074616.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074617.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074618.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074619.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074620.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074621.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074622.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074623.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074624.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074625.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074626.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074627.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074628.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074629.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074630.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074631.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074632.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074633.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074634.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074635.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074636.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074637.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074638.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074639.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074640.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074641.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074642.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074643.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074644.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074645.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074646.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074647.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074648.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074649.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074650.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074651.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074652.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074653.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074654.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074655.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074656.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074657.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074658.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{F0A84AC3-84A8-44F9-8DB6-AB00BB44F96A}\RP216\A0074659.exe Infected:
  • 0

Advertisements


#26
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, for some reason, your Kaspersky logfile been cut-off.. Please attach it as it will be too long to fit into one post..
  • 0

#27
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
sorry bout that - here it is

Attached Files


  • 0

#28
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. Firstly about Virut.. Virut is a polymorhic file infecter, which infects all .exe and .scr (include critical system files).. I would suggest you to back-up all your documents and data (don't back-up any applications and zip files.. They will be infected too..) and then do re-format and clean Windows installation.. (Repair Windows is not advisable here..)...


Please tell me your desicion whether to do a reformat or continue with the cleaning process.. If you want to continue with the cleaning process, please do the following..


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image




NEXT


IMPORTANT!: Please create a fresh Restore Point before proceed with our fix. Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.



NEXT


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report



NEXT


Lets run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient




IF F-Secure Online doesn't work, then do below..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic




Please post the following logs in your next reply.. Post each log in separate post..

1. Panda Online Scan
2. F-Secure Online Scan/NOD32 Online scan..
3. A fresh DSS log (after F-Secure step)


Regards
fenzodahl512

Edited by fenzodahl512, 29 July 2008 - 06:23 PM.
to edit instruction..

  • 0

#29
1_redhead

1_redhead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I haven't decided yet -
If I reformat windows that means that all my current executables will be erased, thus I will have no way of reinstalling after formating...but if I choose to clean I'm not sure what the outcome will be...
Which do you suggest would be the better choice?
  • 0

#30
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Virut is a nasty file infecter which infect ALL .exe and .scr files.. Looking at the number of files that has been infected, I'd suggest you to re-format it but should you decide to continue with the cleaning process, please do the suggested steps IMMEDIATELY as the longer you wait, the worse it will get..
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP