Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde.sdn/Virut ?


  • Please log in to reply
9 replies to this topic

#1 Mykard

Mykard

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 05 May 2009 - 10:18 AM

Ive had a bit of trouble with a few viruses/trojans. At first when i ran a spybot scan,it came up with
PWS.LDPinchIE
Win32.Agent.pz
Virtumonde.sdn
DNSFlush.cws

After running ComboFix/SDFix and another spybot scan, the only one left is Virtumonde. (Spybot deletes all but 1 component of it) However, I cant visit websites such as Symantec.com/this website/any other tech help sites. Also, combofix will not run anymore and gives me an error message about it being compromised and that i am infected with a patching virus (Virut). Also. When ever i connect to the internet, a process starts called reader_s.exe although SDFix claims to have deleted this when it ran. Now, can no longer start into safe mode to run SDfix. What should i do ?

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 AM

Posted 06 May 2009 - 12:56 AM

Try this scan. You can copy it over from another computer on a CD or pen drive if you need to.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Mykard

Mykard
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 07 May 2009 - 12:32 PM

adobelmsvc.exe;c:\program files\common files\adobe systems shared\service;Win32.Virut.56;Cured.;
mpinst.exe;c:\program files\m-audio\mobilepre\install;Win32.Virut.56;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.;
ipsecmon.exe;c:\program files\netgear\netgear prosafe vpn client;Win32.Virut.56;Cured.;
ireike.exe;c:\program files\netgear\netgear prosafe vpn client;Win32.Virut.56;Cured.;
setup50.exe;c:\program files\outlook express;Win32.Virut.56;Cured.;
rampartsvc.exe;c:\program files\sonicwall\sonicwall global vpn client;Win32.Virut.56;Cured.;
ding.exe;c:\program files\southwest airlines\ding;Win32.Virut.56;Cured.;
wmpnetwk.exe;c:\program files\windows media player;Win32.Virut.56;Cured.;
explorer.exe;c:\windows;Win32.Virut.56;Cured.;
unregmp2.exe;c:\windows\inf;Win32.Virut.56;Cured.;
alg.exe;c:\windows\system32;Win32.Virut.56;Cured.;
cisvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
clipsrv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ctfmon.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
dmadmin.exe;c:\windows\system32;Win32.Virut.56;Cured.;
fxssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ieudinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.;
locator.exe;c:\windows\system32;Win32.Virut.56;Cured.;
logon.scr;c:\windows\system32;Win32.Virut.56;Cured.;
logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;
mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.;
netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ntsd.exe;c:\windows\system32;Win32.Virut.56;Cured.;
nvsvc32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
regsvr32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rsvp.exe;c:\windows\system32;Win32.Virut.56;Cured.;
rundll32.exe;c:\windows\system32;Win32.Virut.56;Cured.;
scardsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
sessmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
shmgrate.exe;c:\windows\system32;Win32.Virut.56;Cured.;
smlogsvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
spoolsv.exe;c:\windows\system32;Win32.Virut.56;Cured.;
svchost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
taskmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
tlntsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;
ups.exe;c:\windows\system32;Win32.Virut.56;Cured.;
userinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;
vssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;
winmgmt.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;
wanmpsvc.exe;c:\windows;Win32.Virut.56;Cured.;
ptrf.exe;C:\;Win32.Virut.56;Cured.;
ptrf.exe;C:\;Win32.Virut.56;Cured.;
tqpxlyy.exe;C:\;Win32.Virut.56;Cured.;
sm3.exe;C:\Backup MyPC\aolextras\sm;Win32.Virut.56;Cured.;
RegUBP2b-kierston.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
carena.exe;C:\Documents and Settings\Heatherg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
highway35.exe;C:\Documents and Settings\Heatherg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
RUPDATE.EXE;C:\Documents and Settings\Heatherg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
stunton.exe;C:\Documents and Settings\Heatherg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
UPDATE.EXE;C:\Documents and Settings\Heatherg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
cleanup.exe;C:\Documents and Settings\Heatherg\Application Data\U3\temp;Win32.Virut.56;Cured.;
Launchpad Removal.exe;C:\Documents and Settings\Heatherg\Application Data\U3\temp;Win32.Virut.56;Cured.;
carena.exe;C:\Documents and Settings\kierston\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
highway35.exe;C:\Documents and Settings\kierston\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
hub.exe;C:\Documents and Settings\kierston\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
ARPPRODUCTICON.exe;C:\Documents and Settings\kierston\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727};Win32.Virut.56;Cured.;
NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe;C:\Documents and Settings\kierston\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727};Win32.Virut.56;Cured.;
redist32.exe;C:\Documents and Settings\kierston\Application Data\Symantec\Layouts\Norton 360\2.0\English\0CB184DDB0041A66D3F0232EA0FAA089BE1;Win32.Virut.56;Cured.;
redist64.exe;C:\Documents and Settings\kierston\Application Data\Symantec\Layouts\Norton 360\2.0\English\0CB184DDB0041A66D3F0232EA0FAA089BE1;Win32.Virut.56;Cured.;
serverbrowser.exe;C:\Documents and Settings\kierston\Desktop\Shortcut;Win32.Virut.56;Cured.;
IEXPLORE.EXE;C:\Documents and Settings\kierston\Local Settings\Application Data\Xenocode\ApplianceCaches\GameCamV2.exe_v317582C1\Native\STUB;Win32.Virut.56;Cured.;
explorer.exe;C:\Documents and Settings\kierston\Local Settings\Application Data\Xenocode\ApplianceCaches\GameCamV2.exe_v382CEADF\Native\STUB;Win32.Virut.56;Cured.;
cmd.execf;C:\Documents and Settings\kierston\Local Settings\temp;Win32.Virut.56;Cured.;
abb[1].txt;C:\Documents and Settings\kierston\Local Settings\Temporary Internet Files\Content.IE5\A1SUZM0B;Trojan.DownLoad.29459;Deleted.;
abb[2].txt;C:\Documents and Settings\kierston\Local Settings\Temporary Internet Files\Content.IE5\A1SUZM0B;Trojan.DownLoad.29459;Deleted.;
cs[1].htm;C:\Documents and Settings\kierston\Local Settings\Temporary Internet Files\Content.IE5\LHGV9T5Q;Trojan.MulDrop.30600;Deleted.;
cs[2].htm;C:\Documents and Settings\kierston\Local Settings\Temporary Internet Files\Content.IE5\LHGV9T5Q;Trojan.MulDrop.30600;Deleted.;
em[1].htm;C:\Documents and Settings\kierston\Local Settings\Temporary Internet Files\Content.IE5\RRJ2Y0DV;Trojan.Spambot.2424;Deleted.;
em[2].htm;C:\Documents and Settings\kierston\Local Settings\Temporary Internet Files\Content.IE5\RRJ2Y0DV;Trojan.Spambot.2424;Deleted.;
cpuz.exe;C:\Documents and Settings\kierston\My Documents\CPUZ;Win32.Virut.56;Cured.;
ATF-Cleaner.exe;C:\Documents and Settings\kierston\My Documents\Downloads;Win32.Virut.56;Cured.;
C-Skript Editor.exe;C:\Documents and Settings\kierston\My Documents\FPG\FPS-Game Maker v0.9.5.23;Win32.Virut.56;Cured.;
ini_update.exe;C:\Documents and Settings\kierston\My Documents\FPG\FPS-Game Maker v0.9.5.23;Win32.Virut.56;Cured.;
AMCAP.EXE;C:\Documents and Settings\kierston\My Documents\Itoy\logitech_eyetoy_drivers;Win32.Virut.56;Cured.;
CleanDev.exe;C:\Documents and Settings\kierston\My Documents\Itoy\logitech_eyetoy_drivers;Win32.Virut.56;Cured.;
OV519CAP.EXE;C:\Documents and Settings\kierston\My Documents\Itoy\logitech_eyetoy_drivers;Win32.Virut.56;Cured.;
sel3110.exe;C:\Documents and Settings\kierston\My Documents\Itoy\logitech_eyetoy_drivers;Win32.Virut.56;Cured.;
WindowsApplication1.vshost.exe;C:\Documents and Settings\kierston\My Documents\Visual Studio 2005\Projects\WindowsApplication1\WindowsApplication1\bin\Debug;Win32.Virut.56;Cured.;
Dark GDK - 3D Game1.exe;C:\Documents and Settings\kierston\My Documents\Visual Studio 2008\Projects\Dark GDK - 3D Game1\Dark GDK - 3D Game1\Debug;Win32.Virut.56;Cured.;
install.exe;C:\Documents and Settings\kierston\temp\TeamViewer\Version4;Win32.Virut.56;Cured.;
install64.exe;C:\Documents and Settings\kierston\temp\TeamViewer\Version4;Win32.Virut.56;Cured.;
install.exe;C:\Documents and Settings\kierston\temp\TeamViewer3;Win32.Virut.56;Cured.;
install64.exe;C:\Documents and Settings\kierston\temp\TeamViewer3;Win32.Virut.56;Cured.;
carena.exe;C:\Documents and Settings\kirtg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
highway35.exe;C:\Documents and Settings\kirtg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
us[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9PPKRLF9;Win32.Virut.56;Cured.;
us[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9PPKRLF9;Trojan.Proxy.2684;Deleted.;
us[2].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9PPKRLF9;Win32.Virut.56;Cured.;
us[2].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9PPKRLF9;Trojan.Proxy.2684;Deleted.;
load1[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NQZ9PEVT;Win32.Virut.56;Cured.;
load1[2].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NQZ9PEVT;Win32.Virut.56;Cured.;
carena.exe;C:\Documents and Settings\minaj\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
highway35.exe;C:\Documents and Settings\minaj\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
hub.exe;C:\Documents and Settings\minaj\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
RUPDATE.EXE;C:\Documents and Settings\minaj\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
stunton.exe;C:\Documents and Settings\minaj\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
UPDATE.EXE;C:\Documents and Settings\minaj\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
setup.exe;C:\Documents and Settings\minaj\Desktop\EDRWI520EN\ENGLISH;Win32.Virut.56;Cured.;
CNDNDlg.exe;C:\Documents and Settings\minaj\Desktop\EDRWI520EN\ENGLISH\WIN_MEXP;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
MAKEBT32.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
DSCLIENT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
WPNPINS.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
EXPAND.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
LDIFDE.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
LLSSRV.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
NTSD.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
REGEDIT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SCHUPGR.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
APCOMPAT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
BUILDCHK.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
ADC.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
EDSSTUB.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
IASNT4.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
PBAINST.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
MAKEBT32.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
EXPAND.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
NTSD.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
REGEDIT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
TELNET.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
APCOMPAT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
ADC.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
EDSSTUB.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
IASNT4.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
PBAINST.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
MAKEBT32.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
DSCLIENT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
WPNPINS.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
EXPAND.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
LDIFDE.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
LLSSRV.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
NTSD.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
REGEDIT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SCHUPGR.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
APCOMPAT.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
BUILDCHK.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
ADC.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
EDSSTUB.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
SETUP.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
IASNT4.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
PBAINST.EXE;C:\Documents and Settings\minaj\Local Settings\Application Data\Microsoft\CD Burning\EN_WINDOWS_2000_PRO_SERVER_ADVSERVER\ENGLI;Win32.Virut.56;Cured.;
carena.exe;C:\Documents and Settings\ruthg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
highway35.exe;C:\Documents and Settings\ruthg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
hub.exe;C:\Documents and Settings\ruthg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
RUPDATE.EXE;C:\Documents and Settings\ruthg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
stunton.exe;C:\Documents and Settings\ruthg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
UPDATE.EXE;C:\Documents and Settings\ruthg\Application Data\Macromedia\Shockwave Player\DswMedia;Win32.Virut.56;Cured.;
cleanup.exe;C:\Documents and Settings\ruthg\Application Data\U3\temp;Win32.Virut.56;Cured.;
Launchpad Removal.exe;C:\Documents and Settings\ruthg\Application Data\U3\temp;Win32.Virut.56;Cured.;
Connect.exe;C:\ExecSoft\Diskeep;Win32.Virut.56;Cured.;
Control.exe;C:\ExecSoft\Diskeep;Win32.Virut.56;Cured.;
DkService.exe;C:\ExecSoft\Diskeep;Win32.Virut.56;Cured.;
DkWork.exe;C:\ExecSoft\Diskeep;Win32.Virut.56;Cured.;
Uninstall.exe;C:\ExecSoft\Diskeep;Win32.Virut.56;Cured.;
ScanFat.exe;C:\ExecSoft\Diskeep\Analyze;Win32.Virut.56;Cured.;
ScanNtfs.exe;C:\ExecSoft\Diskeep\Analyze;Win32.Virut.56;Cured.;
DkFat.exe;C:\ExecSoft\Diskeep\Defrag;Win32.Virut.56;Cured.;
DkNtfs.exe;C:\ExecSoft\Diskeep\Defrag;Win32.Virut.56;Cured.;
fsnap.exe;C:\fsnap;Win32.Virut.56;Cured.;
paintball2.exe;C:\Games\Paintball2;Win32.Virut.56;Cured.;
serverbrowser.exe;C:\Games\Paintball2;Win32.Virut.56;Cured.;
AddDevicePath.exe;C:\hp\bin;Win32.Virut.56;Cured.;
automod32.exe;C:\hp\bin;Win32.Virut.56;Cured.;
autorun.exe;C:\hp\bin;Win32.Virut.56;Cured.;
AUTOTBAR.EXE;C:\hp\bin;Win32.Virut.56;Cured.;
CleanRec.exe;C:\hp\bin;Win32.Virut.56;Cured.;
cloaker.exe;C:\hp\bin;Win32.Virut.56;Cured.;
COMMANDS.EXE;C:\hp\bin;Win32.Virut.56;Cured.;
FindWindow.exe;C:\hp\bin;Win32.Virut.56;Cured.;
Finis.exe;C:\hp\bin;Win32.Virut.56;Cured.;
FondleWindow.exe;C:\hp\bin;Win32.Virut.56;Cured.;
FullScreen.exe;C:\hp\bin;Win32.Virut.56;Cured.;
HPBI.exe;C:\hp\bin;Win32.Virut.56;Cured.;
HPLocale.exe;C:\hp\bin;Win32.Virut.56;Cured.;
HPPICT.EXE;C:\hp\bin;Win32.Virut.56;Cured.;
HtmlMsg.exe;C:\hp\bin;Win32.Virut.56;Cured.;
IniMerge.exe;C:\hp\bin;Win32.Virut.56;Cured.;
IsRunning.exe;C:\hp\bin;Win32.Virut.56;Cured.;
KBUPDATE.EXE;C:\hp\bin;Win32.Virut.56;Cured.;
KillIt.exe;C:\hp\bin;Win32.Virut.56;Cured.;
KillWind.exe;C:\hp\bin;Win32.Virut.56;Cured.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
Locale.exe;C:\hp\bin;Win32.Virut.56;Cured.;
MsgAction.exe;C:\hp\bin;Win32.Virut.56;Cured.;
OSType.exe;C:\hp\bin;Win32.Virut.56;Cured.;
ProcessLogger.exe;C:\hp\bin;Win32.Virut.56;Cured.;
Progress.exe;C:\hp\bin;Win32.Virut.56;Cured.;
PwrMgt.exe;C:\hp\bin;Win32.Virut.56;Cured.;
RefCount.exe;C:\hp\bin;Win32.Virut.56;Cured.;
RPCOPY.EXE;C:\hp\bin;Win32.Virut.56;Cured.;
SendKey.exe;C:\hp\bin;Win32.Virut.56;Cured.;
SetIni.exe;C:\hp\bin;Win32.Virut.56;Cured.;
SetRes.exe;C:\hp\bin;Win32.Virut.56;Cured.;
Sleep.exe;C:\hp\bin;Win32.Virut.56;Cured.;
Spawn.exe;C:\hp\bin;Win32.Virut.56;Cured.;
Terminator.exe;C:\hp\bin;Win32.Virut.56;Cured.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
TransientMessage.exe;C:\hp\bin;Win32.Virut.56;Cured.;
UIni.exe;C:\hp\bin;Win32.Virut.56;Cured.;
USBPwrMGMT.exe;C:\hp\bin;Win32.Virut.56;Cured.;
CDSTART.EXE;C:\hp\bin\firewallnorton;Win32.Virut.56;Cured.;
Alcxmntr.exe;C:\hp\drivers\audio\Realtek;Win32.Virut.56;Cured.;
PS2.EXE;C:\hp\drivers\keyboard;Win32.Virut.56;Cured.;
hpzglu05.exe;C:\hp\drivers\printers\deskjet;Win32.Virut.56;Cured.;
hpzpdu.exe;C:\hp\drivers\printers\deskjet;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\3320;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\3320\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\3320\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\3320\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\3320\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\3420;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\3420\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\3420\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\3420\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\3420\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\3820;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\3820\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\3820\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\3820\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\3820\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\5550;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\5550\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\5550\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\5550\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\5550\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\920c;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\920c\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\920c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\920c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\920c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\930c;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\930c\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\930c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\930c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\930c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\940c;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\940c\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\940c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\940c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\940c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\960c;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\960c\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\960c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\960c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\960c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\990c;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\deskjet\990c\enu\nt4\disk1;Win32.Virut.56;Cured.;
hpfinstx.exe;C:\hp\drivers\printers\deskjet\990c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\deskjet\990c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\deskjet\990c\enu\nt4\disk1\nt4;Win32.Virut.56;Cured.;
hpfpdi05.exe;C:\hp\drivers\printers\deskjet\util\3320;Win32.Virut.56;Cured.;
hpzghl05.exe;C:\hp\drivers\printers\deskjet\util\3320;Win32.Virut.56;Cured.;
hpzpin05.exe;C:\hp\drivers\printers\deskjet\util\3320;Win32.Virut.56;Cured.;
hpfpdi05.exe;C:\hp\drivers\printers\deskjet\util\3420;Win32.Virut.56;Cured.;
hpzghl05.exe;C:\hp\drivers\printers\deskjet\util\3420;Win32.Virut.56;Cured.;
hpzpin05.exe;C:\hp\drivers\printers\deskjet\util\3420;Win32.Virut.56;Cured.;
hpfpdi05.exe;C:\hp\drivers\printers\deskjet\util\common;Win32.Virut.56;Cured.;
hpzghl05.exe;C:\hp\drivers\printers\deskjet\util\common;Win32.Virut.56;Cured.;
hpzpin05.exe;C:\hp\drivers\printers\deskjet\util\common;Win32.Virut.56;Cured.;
hphipm11.exe;C:\hp\drivers\printers\photosmart;Win32.Virut.56;Cured.;
hpzglu07.exe;C:\hp\drivers\printers\photosmart;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\photosmart;Win32.Virut.56;Cured.;
SysReq.exe;C:\hp\drivers\printers\photosmart\ccc;Win32.Virut.56;Cured.;
usbready.exe;C:\hp\drivers\printers\photosmart\ccc;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\photosmart\DigitImg;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\printers\photosmart\enu\nt4\Disk1;Win32.Virut.56;Cured.;
hpfldr.exe;C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4;Win32.Virut.56;Cured.;
hpfsplsh.exe;C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4;Win32.Virut.56;Cured.;
Hphuni04.exe;C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4;Win32.Virut.56;Cured.;
Hphver04.exe;C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4;Win32.Virut.56;Cured.;
Hphusg04.exe;C:\hp\drivers\printers\photosmart\UsageApp;Win32.Virut.56;Cured.;
hphghl04.exe;C:\hp\drivers\printers\photosmart\util\Hid;Win32.Virut.56;Cured.;
hphpdi04.exe;C:\hp\drivers\printers\photosmart\util\Hid;Win32.Virut.56;Cured.;
HPHipm11.exe;C:\hp\drivers\printers\photosmart\w2kio;Win32.Virut.56;Cured.;
hphwup04.exe;C:\hp\drivers\printers\photosmart\WebUpdat;Win32.Virut.56;Cured.;
dmcpl.exe;C:\hp\drivers\video\nVidia;Win32.Virut.56;Cured.;
nvsvc32.exe;C:\hp\drivers\video\nVidia;Win32.Virut.56;Cured.;
nwiz.exe;C:\hp\drivers\video\nVidia;Win32.Virut.56;Cured.;
setup.exe;C:\hp\drivers\video\nVidia;Win32.Virut.56;Cured.;
shortcut.exe;C:\hp\DTIcons;Win32.Virut.56;Cured.;
splash.exe;C:\hp\DTIcons\Splash\Entertainment;Win32.Virut.56;Cured.;
showdetto.exe;C:\hp\DTIcons\Splash\HotDeals;Win32.Virut.56;Cured.;
splash.exe;C:\hp\DTIcons\Splash\HotDeals;Win32.Virut.56;Cured.;
showdetto.exe;C:\hp\DTIcons\Splash\Security;Win32.Virut.56;Cured.;
splash.exe;C:\hp\DTIcons\Splash\Security;Win32.Virut.56;Cured.;
AutoTBar.exe;C:\hp\EXPLOREBAR;Win32.Virut.56;Cured.;
HPPICT.exe;C:\hp\EXPLOREBAR;Win32.Virut.56;Cured.;
HPTKReg.exe;C:\hp\EXPLOREBAR;Win32.Virut.56;Cured.;
Setbg.exe;C:\hp\EXPLOREBAR;Win32.Virut.56;Cured.;
UnHPTKIT.exe;C:\hp\EXPLOREBAR;Win32.Virut.56;Cured.;
Music_AN.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_FC.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_HK.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_IN.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_KO.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_LA.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_NA.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_SC.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_SE.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Music_TW.exe;C:\hp\EXPLOREBAR\ABOUT\mAbout;Win32.Virut.56;Cured.;
Picture_AN.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_FC.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_HK.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_IN.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_KO.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_LA.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_NA.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_SC.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_SE.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Picture_TW.exe;C:\hp\EXPLOREBAR\ABOUT\pAbout;Win32.Virut.56;Cured.;
Video_AN.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_FC.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_HK.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_IN.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_KO.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_LA.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_NA.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_SC.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_SE.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
Video_TW.exe;C:\hp\EXPLOREBAR\ABOUT\vAbout;Win32.Virut.56;Cured.;
STPAGE.exe;C:\hp\EXPLOREBAR\STATIC;Win32.Virut.56;Cured.;
UnHPTKIT.exe;C:\hp\EXPLOREBAR\UNINST;Win32.Virut.56;Cured.;
HPBrowser.exe;C:\hp\Features\bin;Win32.Virut.56;Cured.;
PCIFINDX.exe;C:\hp\patches\33NA0BLU\ATI\Execute;Win32.Virut.56;Cured.;
Setup.exe;C:\hp\patches\33NA0BLU\ATI\src\CPanel;Win32.Virut.56;Cured.;
IcoSet.exe;C:\hp\patches\33NA0BLU\IcoSet;Win32.Virut.56;Cured.;
PCIFINDX.exe;C:\hp\patches\33NA0BLU\IcoSet;Win32.Virut.56;Cured.;
WinDVD.exe;C:\hp\patches\33NA0BLU\Intervideo;Win32.Virut.56;Cured.;
devcon.exe;C:\hp\patches\33NA0BLU\nVidia\Execute;Win32.Virut.56;Cured.;
PCIFINDX.exe;C:\hp\patches\33NA0BLU\nVidia\Execute;Win32.Virut.56;Cured.;
dmcpl.exe;C:\hp\patches\33NA0BLU\nVidia\src;Win32.Virut.56;Cured.;
nvsvc32.exe;C:\hp\patches\33NA0BLU\nVidia\src;Win32.Virut.56;Cured.;
nwiz.exe;C:\hp\patches\33NA0BLU\nVidia\src;Win32.Virut.56;Cured.;
setup.exe;C:\hp\patches\33NA0BLU\nVidia\src;Win32.Virut.56;Cured.;
instlsp.exe;C:\hp\patches\33NA0BLU\Spam;Win32.Virut.56;Cured.;
CD Creator.exe;C:\hp\patches\33WW1CDC\Files;Win32.Virut.56;Cured.;
PCIFINDX.exe;C:\hp\patches\33WW1NVI\33WW1NVI;Win32.Virut.56;Cured.;
Setup.exe;C:\hp\patches\33WW1RDR\CardReader4\UnInstall;Win32.Virut.56;Cured.;
SetRes.exe;C:\hp\patches\33WW3NVD\SetRes;Win32.Virut.56;Cured.;
PCIFINDX.exe;C:\hp\patches\33WW3NVD\SetRes\SetRes;Win32.Virut.56;Cured.;
wallpaper.exe;C:\hp\region\wallpaper;Win32.Virut.56;Cured.;
REGINIT.EXE;C:\hp\register;Win32.Virut.56;Cured.;
HPSysInfo.exe;C:\hp\support;Win32.Virut.56;Cured.;
autorun.exe;C:\hp\vinetlink;Win32.Virut.56;Cured.;
VINETLINK.exe;C:\hp\vinetlink;Win32.Virut.56;Cured.;
EXPAND.EXE;C:\I386;Win32.Virut.56;Cured.;
NETSETUP.EXE;C:\I386;Win32.Virut.56;Cured.;
NTSD.EXE;C:\I386;Win32.Virut.56;Cured.;
REGEDIT.EXE;C:\I386;Win32.Virut.56;Cured.;
SYSPARSE.EXE;C:\I386;Win32.Virut.56;Cured.;
TELNET.EXE;C:\I386;Win32.Virut.56;Cured.;
WINNT32.EXE;C:\I386;Win32.Virut.56;Cured.;
UNWISE.EXE;C:\Program Files\3DBoxShotMaker;Win32.Virut.56;Cured.;
7z.exe;C:\Program Files\7-Zip;Win32.Virut.56;Cured.;
7zFM.exe;C:\Program Files\7-Zip;Win32.Virut.56;Cured.;
7zG.exe;C:\Program Files\7-Zip;Win32.Virut.56;Cured.;
bspc.exe;C:\Program Files\Activision\EF2;Win32.Virut.56;Cured.;
radiant.exe;C:\Program Files\Activision\EF2;Win32.Virut.56;Cured.;
ubermap.exe;C:\Program Files\Activision\EF2;Win32.Virut.56;Cured.;
dlgedit2.exe;C:\Program Files\Activision\EF2\Utilities;Win32.Virut.56;Cured.;
fontgen.exe;C:\Program Files\Activision\EF2\Utilities;Win32.Virut.56;Cured.;
LODTweak.exe;C:\Program Files\Activision\EF2\Utilities;Win32.Virut.56;Cured.;
lipsync.exe;C:\Program Files\Activision\EF2\Utilities\Lipsync;Win32.Virut.56;Cured.;
max2skl.exe;C:\Program Files\Activision\EF2\Utilities\MAX Utilities;Win32.Virut.56;Cured.;
max2tan.exe;C:\Program Files\Activision\EF2\Utilities\MAX Utilities;Win32.Virut.56;Cured.;
AcrobatInfo.exe;C:\Program Files\Adobe\Acrobat 7.0\Acrobat;Win32.Virut.56;Cured.;
acrobat_sl.exe;C:\Program Files\Adobe\Acrobat 7.0\Acrobat;Win32.Virut.56;Cured.;
capserve.exe;C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman;Win32.Virut.56;Cured.;
Droplet.exe;C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Preflight;Win32.Virut.56;Cured.;
Acrobat Elements.exe;C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements;Win32.Virut.56;Cured.;
ConvertIP.exe;C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0;Win32.Virut.56;Cured.;
ConvertPDF.exe;C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0;Win32.Virut.56;Cured.;
ConvertWord.exe;C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0;Win32.Virut.56;Cured.;
FormDesigner.exe;C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0;Win32.Virut.56;Cured.;
ConvertIFD.exe;C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertIFD;Win32.Virut.56;Cured.;
acrodist.exe;C:\Program Files\Adobe\Acrobat 7.0\Distillr;Win32.Virut.56;Cured.;
acrotray.exe;C:\Program Files\Adobe\Acrobat 7.0\Distillr;Win32.Virut.56;Cured.;
Pm70.exe;C:\Program Files\Adobe\PageMaker 7.0;Win32.Virut.56;Cured.;
MSPublisher_Quark Converter.exe;C:\Program Files\Adobe\PageMaker 7.0\Converter for MSP_QXP;Win32.Virut.56;Cured.;
KMONINST.EXE;C:\Program Files\Adobe\PageMaker 7.0\Extras\CALBRATE\MONGEN;Win32.Virut.56;Cured.;
MSPConv.exe;C:\Program Files\Adobe\PageMaker 7.0\Extras\Converter for Publisher 95-97;Win32.Virut.56;Cured.;
PPD.EXE;C:\Program Files\Adobe\PageMaker 7.0\Extras\PRINT;Win32.Virut.56;Cured.;
DEAPP.EXE;C:\Program Files\Adobe\PageMaker 7.0\Extras\TEXT;Win32.Virut.56;Cured.;
XPMConv.exe;C:\Program Files\Adobe\PageMaker 7.0\Extras\XPlatConv;Win32.Virut.56;Cured.;
TABLE30.EXE;C:\Program Files\Adobe\PageMaker 7.0\TABLE30;Win32.Virut.56;Cured.;
DIFxSetup.exe;C:\Program Files\AGEIA Technologies\driver\x86\1.1.1.14;Win32.Virut.56;Cured.;
rescanDevNode.exe;C:\Program Files\AGEIA Technologies\driver\x86\1.1.1.14;Win32.Virut.56;Cured.;
pythonservice.exe;C:\Program Files\AGI\common\win32;Win32.Virut.56;Cured.;
win32popenWin9x.exe;C:\Program Files\AGI\common\win32;Win32.Virut.56;Cured.;
python.exe;C:\Program Files\AGI\Python25;Win32.Virut.56;Cured.;
pythonw.exe;C:\Program Files\AGI\Python25;Win32.Virut.56;Cured.;
Removepitchbend.exe;C:\Program Files\AGI\Python25;Win32.Virut.56;Cured.;
aimauto.exe;C:\Program Files\AIM95;Win32.Virut.56;Cured.;
Patcher.exe;C:\Program Files\AIM95;Win32.Virut.56;Cured.;
SendFile.exe;C:\Program Files\AIM95;Win32.Virut.56;Cured.;
ShareFile.exe;C:\Program Files\AIM95;Win32.Virut.56;Cured.;
Unwise32.exe;C:\Program Files\AIM95;Win32.Virut.56;Cured.;
AIMBarInstall.exe;C:\Program Files\AIM95\Sysfiles;Win32.Virut.56;Cured.;
AIMWDInstall.exe;C:\Program Files\AIM95\Sysfiles;Win32.Virut.56;Cured.;
AIMWDUninstall.exe;C:\Program Files\AIM95\Sysfiles;Win32.Virut.56;Cured.;
AolOnDesktop.exe;C:\Program Files\AIM95\Sysfiles;Win32.Virut.56;Cured.;
WxBug.EXE;C:\Program Files\AIM95\Sysfiles;Adware.Aws;;
demo32.exe;C:\Program Files\Alohabob\UltraWeb;Win32.Virut.56;Cured.;
Launch.exe;C:\Program Files\Alohabob\UltraWeb;Win32.Virut.56;Cured.;
Setup.exe;C:\Program Files\Alohabob\UltraWeb\Install\Media\CD-ROM\Disk1;Win32.Virut.56;Cured.;
MakeDisks.exe;C:\Program Files\Alohabob\UltraWeb\Install\Media\Floppies;Win32.Virut.56;Cured.;
Setup.exe;C:\Program Files\Alohabob\UltraWeb\Install\Media\Floppies\Disk1;Win32.Virut.56;Cured.;
accdef.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
aol.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
aolphx.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
aoltray.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
diskinst.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
RBM.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
shellmon.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
shellrestart.exe;C:\Program Files\America Online 9.0;Win32.Virut.56;Cured.;
Real.exe;C:\Program Files\America Online 9.0\Jiti;Win32.Virut.56;Cured.;
real_upd.exe;C:\Program Files\America Online 9.0\Jiti;Win32.Virut.56;Cured.;
AolAod.exe;C:\Program Files\AOD;Win32.Virut.56;Cured.;
GtAOD.exe;C:\Program Files\AOD;Win32.Virut.56;Cured.;
companion.exe;C:\Program Files\AOL Companion;Win32.Virut.56;Cured.;
ArcRegister.exe;C:\Program Files\ArcSoft\ShowBiz DVD;Win32.Virut.56;Cured.;
CheckUpdate.exe;C:\Program Files\ArcSoft\ShowBiz DVD;Win32.Virut.56;Cured.;
ShowBiz.exe;C:\Program Files\ArcSoft\ShowBiz DVD;Win32.Virut.56;Cured.;
Funhouse.exe;C:\Program Files\ArcSoft\Software Suite\Funhouse;Win32.Virut.56;Cured.;
Greeting Card.exe;C:\Program Files\ArcSoft\Software Suite\Greeting Card Creator;Win32.Virut.56;Cured.;
PhotoImpression.exe;C:\Program Files\ArcSoft\Software Suite\PhotoImpression;Win32.Virut.56;Cured.;
ArcRegister.exe;C:\Program Files\ArcSoft\Software Suite\Web\register;Win32.Virut.56;Cured.;
audacity.exe;C:\Program Files\Audacity;Win32.Virut.56;Cured.;
upx.exe;C:\Program Files\AutoIt3\Aut2Exe;Win32.Virut.56;Cured.;
AutoItV2toV3.exe;C:\Program Files\AutoIt3\Extras\v2_to_v3_Converter;Win32.Virut.56;Cured.;
SciTE.exe;C:\Program Files\AutoIt3\SciTE;Win32.Virut.56;Cured.;
designp.exe;C:\Program Files\Avery\DesignPro\DesignPro;Win32.Virut.56;Cured.;
blender.exe;C:\Program Files\Blender Foundation\Blender;Win32.Virut.56;Cured.;
blenderplayer.exe;C:\Program Files\Blender Foundation\Blender;Win32.Virut.56;Cured.;
CNDNDlg.exe;C:\Program Files\Canon\EOS E3KR WIA;Win32.Virut.56;Cured.;
CAPEZE97.EXE;C:\Program Files\CaptureEze97;Win32.Virut.56;Cured.;
cs.exe;C:\Program Files\CharacterShop;Win32.Virut.56;Cured.;
ceregreset.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
Cheat Engine.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
EmptyProcess.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
EmptyProcess.exe;C:\Program Files\Cheat Engine;Win32.HLLW.Viking.34;Deleted.;
Kernelmoduleunloader.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
Systemcallretriever.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
systemcallsignal.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
Tutorial.exe;C:\Program Files\Cheat Engine;Win32.Virut.56;Cured.;
AOM.exe;C:\Program Files\Common Files\Adobe\Web;Win32.Virut.56;Cured.;
uninstaller.exe;C:\Program Files\Common Files\AOL;Win32.Virut.56;Cured.;
AcsUninstall.exe;C:\Program Files\Common Files\AOL\ACS;Win32.Virut.56;Cured.;
fix_vcrt.exe;C:\Program Files\Common Files\AOL\ACS;Win32.Virut.56;Cured.;
ospath.exe;C:\Program Files\Common Files\AOL\ACS;Win32.Virut.56;Cured.;
wanmpsvc.exe;C:\Program Files\Common Files\AOL\ACS;Win32.Virut.56;Cured.;
aolcinst.exe;C:\Program Files\Common Files\aolback\Comps\coach;Win32.Virut.56;Cured.;
realpl8.exe;C:\Program Files\Common Files\aolback\Comps\rp;Win32.Virut.56;Cured.;
rp9codec.exe;C:\Program Files\Common Files\aolback\Comps\rp;Win32.Virut.56;Cured.;
VPPrePop.exe;C:\Program Files\Common Files\aolback\Comps\vwpt;Win32.Virut.56;Cured.;
sinf.exe;C:\Program Files\Common Files\aolshare\sysinfo;Win32.Virut.56;Cured.;
tb80main.exe;C:\Program Files\Common Files\click2learn\TBSystem;Win32.Virut.56;Cured.;
tb80run.exe;C:\Program Files\Common Files\click2learn\TBSystem;Win32.Virut.56;Cured.;
tbload.exe;C:\Program Files\Common Files\click2learn\TBSystem;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Virut.56;Cured.;
IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32;Win32.Virut.56;Cured.;
IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32;Win32.Virut.56;Cured.;
IKernel.exe;C:\Program Files\Common Files\InstallShield\engine\6\Intel 32;Win32.Virut.56;Cured.;
DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32;Win32.Virut.56;Cured.;
DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32;Win32.Virut.56;Cured.;
Assist.exe;C:\Program Files\Common Files\Intuit\Internet Client;Win32.Virut.56;Cured.;
axlbridge.exe;C:\Program Files\Common Files\Intuit\QuickBooks;Win32.Virut.56;Cured.;
QBLaunch.exe;C:\Program Files\Common Files\Intuit\QuickBooks;Win32.Virut.56;Cured.;
SR_FedEx_PLS.exe;C:\Program Files\Common Files\Intuit\QuickBooks;Win32.Virut.56;Cured.;
launcher.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Virut.56;Cured.;
zipper.exe;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Virut.56;Cured.;
ARTGALRY.EXE;C:\Program Files\Common Files\Microsoft Shared\Artgalry;Win32.Virut.56;Cured.;
CAG.EXE;C:\Program Files\Common Files\Microsoft Shared\Artgalry;Win32.Virut.56;Cured.;
wzcnflct.exe;C:\Program Files\Common Files\Microsoft Shared\Database Replication\Conflict Viewer;Win32.Virut.56;Cured.;
dexplore.exe;C:\Program Files\Common Files\Microsoft Shared\Help;Win32.Virut.56;Cured.;
msinfo32.exe;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.;
OFFPROV.EXE;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.;
MSOICONS.EXE;C:\Program Files\Common Files\Microsoft Shared\Office10;Win32.Virut.56;Cured.;
ORGCHART.EXE;C:\Program Files\Common Files\Microsoft Shared\Orgchart;Win32.Virut.56;Cured.;
sapisvr.exe;C:\Program Files\Common Files\Microsoft Shared\Speech;Win32.Virut.56;Cured.;
cfgwiz.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
fpremadm.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
FPSERVER.EXE;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
fpsrvadm.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
HTIMAGE.EXE;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
IMAGEMAP.EXE;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
tcptest.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin;Win32.Virut.56;Cured.;
fpcount.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi;Win32.Virut.56;Cured.;
fpcount.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin;Win32.Virut.56;Cured.;
shtml.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin;Win32.Virut.56;Cured.;
admin.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm;Win32.Virut.56;Cured.;
author.exe;C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut;Win32.Virut.56;Cured.;
WRDART32.EXE;C:\Program Files\Common Files\Microsoft Shared\WordArt;Win32.Virut.56;Cured.;
AOLMediaPlaybackControl.exe;C:\Program Files\Common Files\Nullsoft\ActiveX;Win32.Virut.56;Cured.;
ProxyConfig.exe;C:\Program Files\Common Files\Nullsoft\ActiveX\2.6;Win32.Virut.56;Cured.;
Uninstall.exe;C:\Program Files\Common Files\Nullsoft\ActiveX\2.6;Win32.Virut.56;Cured.;
realevent.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
realsched.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
rnathchk.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
rnuninst.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
rnxproc.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
upgrdhlp.exe;C:\Program Files\Common Files\Real\Update_OB;Win32.Virut.56;Cured.;
sgtray.exe;C:\Program Files\Common Files\Sonic\Update Manager;Win32.Virut.56;Cured.;
IraLrShl.exe;C:\Program Files\Common Files\Symantec Shared\LiveReg;Win32.Virut.56;Cured.;
VcCleanUp.exe;C:\Program Files\Common Files\Symantec Shared\LiveReg;Win32.Virut.56;Cured.;
VcSetup.exe;C:\Program Files\Common Files\Symantec Shared\LiveReg;Win32.Virut.56;Cured.;
CNFNOT32.EXE;C:\Program Files\Common Files\System\Mapi\1033\NT;Win32.Virut.56;Cured.;
NEWPROF.EXE;C:\Program Files\Common Files\System\Mapi\1033\NT;Win32.Virut.56;Cured.;
SCANPST.EXE;C:\Program Files\Common Files\System\Mapi\1033\NT;Win32.Virut.56;Cured.;
WT10sptlEN.exe;C:\Program Files\Corel\Shared\Writing Tools\10.0;Win32.Virut.56;Cured.;
CARMOrganizer.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
CdrConv.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
PrintServer100.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
Prwin10.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
ps100.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
QPW.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
UA100.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
wpwin10.exe;C:\Program Files\Corel\WordPerfect Office 2002\Programs;Win32.Virut.56;Cured.;
MaxRT.exe;C:\Program Files\Cycling '74\MaxMSP 4.6;Win32.Virut.56;Cured.;
autouchk.exe;C:\Program Files\Day-Timer Organizer 2000;Win32.Virut.56;Cured.;
dto2kpop.exe;C:\Program Files\Day-Timer Organizer 2000;Win32.Virut.56;Cured.;
xday.exe;C:\Program Files\Day-Timer Organizer 2000;Win32.Virut.56;Cured.;
xserv2k.exe;C:\Program Files\Day-Timer Organizer 2000;Win32.Virut.56;Cured.;
HPSdpApp.exe;C:\Program Files\Easy Internet signup;Win32.Virut.56;Cured.;
HPUpdater.exe;C:\Program Files\Easy Internet signup;Win32.Virut.56;Cured.;
bspc.exe;C:\Program Files\EjoyStudio\Activision\EF2;Win32.Virut.56;Cured.;
EF2.exe;C:\Program Files\EjoyStudio\Activision\EF2;Win32.Virut.56;Cured.;
3DWorldStudio.exe;C:\Program Files\EjoyStudio\DBORO\DarkBASIC Game Development Package\3D World Studio (Cracked);Win32.Virut.56;Cured.;
DB 1.75 crack.exe;C:\Program Files\EjoyStudio\DBORO\DarkBASIC Game Development Package\DarkBASIC Professional (Cracked)\CRACK;Win32.Virut.56;Cured.;
emusic_remote.exe;C:\Program Files\eMusic Remote;Win32.Virut.56;Cured.;
updater.exe;C:\Program Files\eMusic Remote\xulrunner;Win32.Virut.56;Cured.;
xpicleanup.exe;C:\Program Files\eMusic Remote\xulrunner;Win32.Virut.56;Cured.;
xulrunner.exe;C:\Program Files\eMusic Remote\xulrunner;Win32.Virut.56;Cured.;
filezilla.exe;C:\Program Files\FileZilla FTP Client;Win32.Virut.56;Cured.;
fzputtygen.exe;C:\Program Files\FileZilla FTP Client;Win32.Virut.56;Cured.;
fzsftp.exe;C:\Program Files\FileZilla FTP Client;Win32.Virut.56;Cured.;
Comrade.exe;C:\Program Files\GameSpy\Comrade;Win32.Virut.56;Cured.;
Updater.exe;C:\Program Files\GameSpy\Comrade\162;Win32.Virut.56;Cured.;
HAMMER.EXE;C:\Program Files\HammerHead;Win32.Virut.56;Cured.;
MAKEBANK.EXE;C:\Program Files\HammerHead;Win32.Virut.56;Cured.;
Uninstall.exe;C:\Program Files\HammerHead;Win32.Virut.56;Cured.;
hpqaprnt.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\Album;Win32.Virut.56;Cured.;
DestTest.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqaol08.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqclpbd.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqdclnt.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
Hpqdirec.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqdstcp.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqEmlsz.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqfru07.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqprntw.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqptc08.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqtax08.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqthb08.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqvwr08.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqwrap.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
hpqwrg.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
svtf.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\bin;Win32.Virut.56;Cured.;
EXTRACT.EXE;C:\Program Files\Hewlett-Packard\Digital Imaging\HPISInst;Win32.Virut.56;Cured.;
Install.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\HPISInst;Win32.Virut.56;Cured.;
InstWrp.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\HPISInst;Win32.Virut.56;Cured.;
HpqCmon.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\Unload;Win32.Virut.56;Cured.;
HpqPhUnl.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\Unload;Win32.Virut.56;Cured.;
HpqUnSet.exe;C:\Program Files\Hewlett-Packard\Digital Imaging\Unload;Win32.Virut.56;Cured.;
jview.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin;Win32.Virut.56;Cured.;
mad.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin;Win32.Virut.56;Cured.;
matcli.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin;Win32.Virut.56;Cured.;
MatcliWrapper.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin;Win32.Virut.56;Cured.;
MotiveBrowser.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin;Win32.Virut.56;Cured.;
MotiveDirectory.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\common;Win32.Virut.56;Cured.;
motmon.exe;C:\Program Files\Hewlett-Packard\HP Instant Support DI\common;Win32.Virut.56;Cured.;
hpgs2wnd.exe;C:\Program Files\Hewlett-Packard\HP Share-to-Web;Win32.Virut.56;Cured.;
hpgs2wnf.exe;C:\Program Files\Hewlett-Packard\HP Share-to-Web;Win32.Virut.56;Cured.;
S2WEx.exe;C:\Program Files\Hewlett-Packard\HP Share-to-Web;Win32.Virut.56;Cured.;
Shar2Web.exe;C:\Program Files\Hewlett-Packard\HP Share-to-Web;Win32.Virut.56;Cured.;
hppcfg.exe;C:\Program Files\Hewlett-Packard\LaserJet All-in-one;Win32.Virut.56;Cured.;
hppdevchooser.exe;C:\Program Files\Hewlett-Packard\LaserJet All-in-one;Win32.Virut.56;Cured.;
hppsoftconfigpage.exe;C:\Program Files\Hewlett-Packard\LaserJet All-in-one;Win32.Virut.56;Cured.;
setup.exe;C:\Program Files\Hewlett-Packard\LaserJet All-in-one\Uninstall\2200;Win32.Virut.56;Cured.;
_isdel.exe;C:\Program Files\Hewlett-Packard\LaserJet All-in-one\Uninstall\2200;Win32.Virut.56;Cured.;
webreg.exe;C:\Program Files\Hewlett-Packard\LaserJet All-in-one\WebReg;Win32.Virut.56;Cured.;
hpod.exe;C:\Program Files\Hewlett-Packard\Memories Disc;Win32.Virut.56;Cured.;
hpodinst.exe;C:\Program Files\Hewlett-Packard\Memories Disc;Win32.Virut.56;Cured.;
hpodlog.exe;C:\Program Files\Hewlett-Packard\Memories Disc;Win32.Virut.56;Cured.;
UNWISE.EXE;C:\Program Files\HP Instant Support;Win32.Virut.56;Cured.;
hpzglu07.exe;C:\Program Files\HP Photosmart 11\hphinstall;Win32.Virut.56;Cured.;
setup.exe;C:\Program Files\HP Photosmart 11\hphinstall;Win32.Virut.56;Cured.;
hphghl04.exe;C:\Program Files\HP Photosmart 11\hphinstall\Util\Hid;Win32.Virut.56;Cured.;
hphpdi04.exe;C:\Program Files\HP Photosmart 11\hphinstall\Util\Hid;Win32.Virut.56;Cured.;
hphipm11.exe;C:\Program Files\HP Photosmart 11\hphinstall\w2kio;Win32.Virut.56;Cured.;
hpfinsta.exe;C:\Program Files\HP Photosmart 11\Printer;Win32.Virut.56;Cured.;
hpfiui.exe;C:\Program Files\HP Photosmart 11\Printer;Win32.Virut.56;Cured.;

#4 Mykard

Mykard
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 07 May 2009 - 12:33 PM

Thats as much of the log as it would allow me to post. But it seems like every exe file on the PC was infected. Thanks a lot for the help, anything else i should do ?

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 AM

Posted 07 May 2009 - 03:25 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:09:41 AM

Posted 07 May 2009 - 05:26 PM

Er, Budapest.

Not to barge in, but Mykard is infected with Virut, which, to my understanding, the only way to actually remove this is to reformat.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 AM

Posted 07 May 2009 - 05:34 PM

scff249, I don't mind if you barge in. And actually, you are right. The problem with Virut is that it sometimes corrupts the .exe files it infects. So even if you disinfect them they remain corrupted. I'm sorry to say Mykard that your best course of action is to format and reinstall Windows.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:09:41 AM

Posted 07 May 2009 - 05:39 PM

Just to add as well, if you want to backup important data, here's some guidelines:

Keep in mind, with a Virut infection, there is a chance you will infect the new hard drive. You can salvage your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. Do not attempt reovery of any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid recovering compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1253734

Edited by scff249, 07 May 2009 - 05:39 PM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#9 Mykard

Mykard
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 08 May 2009 - 06:35 AM

Wait, even after ive run the dr web- Cure-IT i am still infected ? Everything seems to be ok now.

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 AM

Posted 08 May 2009 - 04:52 PM

Some reading material:

http://miekiemoes.blogspot.com/2008/06/vir...again-sigh.html
http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

If you don't want to reinstall at this point I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Be sure to include a link to this thread so they can see what has already been tried.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

Edited by Budapest, 08 May 2009 - 04:54 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users