
Possible infection. Can you please help me.


9 replies to this topic

#1 aburre2

aburre2

  • Members
  • 19 posts

Posted 22 February 2010 - 07:00 PM

I used Hijack This and copied the log file. I think my computer is infected.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\895077.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PeerSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\fonts\services.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\WINDOWS\fonts\services.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ,C:\WINDOWS\TEMP\mpcor_4194304.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: peersvc Service (peersvc) - Netopsystems A - C:\WINDOWS\system32\PeerSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Edited by Orange Blossom, 22 February 2010 - 10:24 PM.
Move to log forum. ~ OB




#2 aburre2

aburre2
  • Topic Starter

  • Members
  • 19 posts

Posted 23 February 2010 - 12:34 AM

any help would be greatly appreciated



===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 23 February 2010 - 05:29 AM.


#3 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts

Posted 24 February 2010 - 08:15 PM

hi,

QUOTE
I think my computer is infected.
it is.

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"

O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O20 - AppInit_DLLs: ,C:\WINDOWS\TEMP\mpcor_4194304.dll

next, to help show all files:
on the desktop double-click My Computer, at the top click Tools > Folder Options > View, then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types". click apply to all folders, apply, then ok

reboot computer. Navigate to C:\WINDOWS\fonts and delete the services.exe
if you can't find it don't worry about it.

Last;

Please download Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

I also don't see a resident antivirus so next stop is to do an online scan;

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

finally get an AV installed. MS has a free one complete with anti-malware: Update it and scan your machine.
http://www.microsoft.com/Security_essentials/

Last:
after all the above, rescan and post a new HJT log, include the top portion. It's missing in this HJT log. The Malwarebytes log and the ESET log please

How Can I Reduce My Risk to Malware?
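
An added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage pass over HijackThis-style log lines, using a few path heuristics that explain why entries such as C:\WINDOWS\fonts\services.exe and the AppInit_DLLs value stand out. The heuristics, reason strings and function names are assumptions chosen for illustration; the sample lines are copied from the log in post #1, and the output is a list of review candidates (wider than the two entries selected above), not verdicts.

```python
import ntpath
import re

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\895077.exe
C:\WINDOWS\fonts\services.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O20 - AppInit_DLLs: ,C:\WINDOWS\TEMP\mpcor_4194304.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Assumption: Windows XP installed in C:\WINDOWS, as in the posted log.
SYSTEM32 = r"c:\windows\system32"
CORE_HOMES = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe")}
CORE_HOMES["explorer.exe"] = r"c:\windows"

# First drive-letter path on the line that ends in a binary extension.
PATH_RE = re.compile(r'[a-z]:\\[^",\r\n]*?\.(?:exe|dll|sys|ocx)\b', re.I)


def triage_line(line):
    """Return the reasons (possibly none) a log line deserves manual review."""
    reasons = []
    text = line.strip()
    # AppInit_DLLs are loaded into every process that loads user32.dll,
    # so any non-empty value is worth a look.
    prefix = "O20 - AppInit_DLLs:"
    if text.startswith(prefix) and text[len(prefix):].strip(" ,"):
        reasons.append("AppInit_DLLs is set")
    match = PATH_RE.search(text)
    if not match:
        return reasons
    path = match.group(0).lower()
    folder, name = ntpath.dirname(path), ntpath.basename(path)
    # A core Windows process name running from anywhere but its usual folder.
    if name in CORE_HOMES and folder != CORE_HOMES[name]:
        reasons.append("core process name outside its usual folder")
    # Persistent code loaded from a temp directory.
    if "\\temp\\" in path:
        reasons.append("binary under a temp folder")
    # Heuristic: randomly generated, digits-only executable names.
    if folder == SYSTEM32 and re.fullmatch(r"\d+\.exe", name):
        reasons.append("digits-only exe name in system32")
    # rundll32 autoruns that load a DLL from outside system32.
    if "rundll32" in text.lower() and folder != SYSTEM32:
        reasons.append("rundll32 target outside system32")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```
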


#4 aburre2

aburre2
  • Topic Starter

  • Members
  • 19 posts

Posted 25 February 2010 - 03:49 AM

The MBAM Log
Scan type: Full Scan (C:\|)
Objects scanned: 164864
Time elapsed: 56 minute(s), 19 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 9
Registry Values Infected: 16
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 51

Memory Processes Infected:
C:\WINDOWS\system32\281924.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\PeerSvc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\temp\229.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peersvc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe dmnv.pro mgvxnxy) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\281924.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\229.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQPOHVP6\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQPOHVP6\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQPOHVP6\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQPOHVP6\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQPOHVP6\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PCY7RWCB\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PCY7RWCB\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PCY7RWCB\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PCY7RWCB\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PCY7RWCB\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RFYX0U0R\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RFYX0U0R\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RFYX0U0R\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RFYX0U0R\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WEAXWP8B\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WEAXWP8B\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WEAXWP8B\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WEAXWP8B\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2937846.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3156046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmnv.pro (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3965067.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4751856.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5537485.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6146769.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6161265.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\646557.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7772181.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8119471.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8928645.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9303857.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9496254.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\t4m0_430469446656.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\t4m0_43984564289.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\t4m0_445233289020.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\t4m0_92260410382.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\tmp0_465617750196.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\tmp0_544582889565.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\tmp0_559293278858.bk (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmdtc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Allen Burrell\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PeerSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.




#5 aburre2

aburre2
  • Topic Starter

  • Members
  • 19 posts

Posted 25 February 2010 - 04:00 AM

ESET LOG
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=52ed9d1ad28f804080f963b14775f901
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-25 08:55:46
# local_time=2010-02-25 02:55:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 19353672 19353672 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=48522
# found=553
# cleaned=551
# scan_time=1933
C:\Documents and Settings\All Users\Start Menu\Programs\setup.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\1000000b00002h\verclsid.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OffDiag.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000003f00002h\CLVIEW.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000005700002h\WINWORD.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000008c00002h\offlb.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\30000000cf00002h\MSTORDB.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen Burrell\Desktop\ATF-Cleaner.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\EXPAND.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\FAXPATCH.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\NETSETUP.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\NTSD.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\REGEDIT.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\SPNPINST.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\SYSPARSE.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\TELNET.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\WINNT32.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\WIN9XMIG\FAX\AWDVSTUB.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\I386\WIN9XMIG\MAPI\DLL\MKNTFRMCACHE.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Active WebCam\PY_Uninstal.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwls32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver2.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\launcher.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\zipper.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\DivX\DivX Codec\config.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\DivX\DivX Codec\DivXsm.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\DivX\DivX Converter\DivX Converter.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\DivX\DivX Player\DivX Player.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hewlett-Packard\BrandIt\BrdItVer.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hewlett-Packard\Documentation\HpDocViewer.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hewlett-Packard\SDP\HPUpdater.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hewlett-Packard\SDP\HPWaitWindow.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hewlett-Packard\SDP\HPWriter.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\IDT\WDM\AESTFltr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\IDT\WDM\sttray.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\IDT\WDM\suhlp.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\ExtExport.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\iedw.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\java-rmi.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\java.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\javacpl.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\javaws.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\keytool.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\kinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\klist.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\ktab.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\orbd.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\pack200.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\policytool.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\rmid.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\rmiregistry.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\servertool.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\tnameserv.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre1.6.0_06\bin\unpack200.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\LimeWire.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Marvell\Miniport Driver\installu.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Messenger\msmsgs.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Works\wksgsg.htm HTML/TrojanClicker.IFrame.NAP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\NetMeeting\cb32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\NetMeeting\conf.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\NetMeeting\wb32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Outlook Express\msimn.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Outlook Express\oemig50.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Outlook Express\setup50.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Outlook Express\wab.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Outlook Express\wabmig.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Real\RealPlayer\fixrjb.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Real\RealPlayer\realjbox.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Real\RealPlayer\converter\Update\r1puninst.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SUPERAntiSpyware\BootSafe.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SUPERAntiSpyware\SASINST.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\InstNT.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\SynMood.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\SynZMetr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Tutorial.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Media\InstNT.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Media\setup.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Media\SynMood.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Media\SynZMetr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Synaptics\SynTP\Media\Tutorial.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Connect 2\wmccds.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Connect 2\WMCCFG.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\migrate.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\mplayer2.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\setup_wm.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmdbexport.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmlaunch.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmpenc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmplayer.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmpnetwk.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmpnscfg.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmpshare.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Media Player\wmsetsdk.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WinRAR\Rar.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WinRAR\RarExtLoader.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WinRAR\Uninstall.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WinRAR\UnRAR.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WinRAR\WinRAR.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Your Uninstaller 2010\fos.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Your Uninstaller 2010\inimerge.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SwSetup\HPQATTAgent\setup.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SwSetup\HPQATTAgent\program files\AT&T\Service Activation\CAPDelayLauncher.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\CHKIMAGE.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\cvacompg.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\DelDir.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\ISLOGCHK.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\PININST.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\PREINFO2.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\SYSTEM.SAV\util\REGDEV.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\explorer.exe Win32/Virut.NBP virus (error while cleaning) 00000000000000000000000000000000 I
C:\WINDOWS\grep.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\hh.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\MBR.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\NIRCMD.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\NOTEPAD.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\regedit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\sed.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\sttray.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SWREG.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SWSC.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SWXCACLS.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\TASKMAN.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\twunk_32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\winhlp32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\zip.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB923561\SP3QFE\wordpad.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB955839\SP3QFE\tzchange.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\sc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB960859\SP3QFE\telnet.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB960859\SP3QFE\tlntsess.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\ieudinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB969897-IE8\SP3QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB972260-IE8\SP3QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB974455-IE8\SP3QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB923561$\wordpad.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB951978$\cscript.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB951978$\wscript.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB952069_WM9$\logagent.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB955839$\tzchange.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB956572$\services.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB960859$\telnet.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB970653-v3$\tzchange.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB976098-v2$\tzchange.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallKB979306$\tzchange.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\ctfmon.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\explorer.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\lsass.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\services.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\spoolsv.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\svchost.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\userinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\winlogon.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\cache\wscntfy.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ERDNT\subs\ERDNT.EXE Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie7updates\KB963027-IE7\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie7updates\KB963027-IE7\ieudinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8\msfeedssync.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8\mshta.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8\winfxdocobj.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8updates\KB969897-IE8\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8updates\KB972260-IE8\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8updates\KB974455-IE8\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8updates\KB976325-IE8\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ie8updates\KB978207-IE8\ie4uinit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\inf\unregmp2.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\msagent\agentsvr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SoftwareDistribution\Download\ca9dce055d1f0f23d2b57daec177104f\tzchange.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\actmovie.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\AESTFltr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\ahui.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\arp.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\at.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\atmadm.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\attrib.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\auditusr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\blastcln.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\bootok.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\bootvrfy.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cacls.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\chkdsk.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\chkntfs.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cidaemon.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cisvc.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\ckcnv.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cleanmgr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cliconfg.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\clipsrv.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cmd.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cmdl32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cmmon32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cmstp.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\comp.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\compact.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\conime.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\control.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\convert.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cscript.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\ctfmon.exe Win32/Virut.NBP virus (error while cleaning) 00000000000000000000000000000000 I
C:\WINDOWS\system32\dcomcnfg.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\ddeshare.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\defrag.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dfrgfat.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dfrgntfs.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\diantz.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\diskpart.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\diskperf.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dllhost.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dllhst3g.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dmadmin.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dmremote.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\doskey.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dplaysvr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dpnsvr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dpvsetup.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drmupgds.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drwtsn32.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dumprep.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dvdplay.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dvdupgrd.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dwwin.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dxdiag.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\esentutl.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\eudcedit.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\eventvwr.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C


#6 aburre2

  • Topic Starter

Posted 25 February 2010 - 06:34 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:34 AM, on 2/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2000555127-4053168126-3197449613-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000555127-4053168126-3197449613-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-2000555127-4053168126-3197449613-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 4257 bytes


#7 shelf life

  • Malware Response Team

Posted 25 February 2010 - 06:36 PM

Hi,

What a load. You had a nice assortment of malware on board. How long have you been without antivirus software? It's possible there could have been remote access to your machine. You should for sure change any passwords you use. Do you do any financial transactions on the machine? Wouldn't hurt to check Malwarebytes for updates, then do another pass with it.
We will get one more tool to use as a check for malware. It's called ComboFix. There is a guide you need to read first. Read through the guide first, download ComboFix to your desktop, disable any running antivirus or anti-malware, double-click the ComboFix icon on your desktop and follow the prompts. Post the ComboFix log in your reply:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How Can I Reduce My Risk to Malware?


#8 aburre2

  • Topic Starter

Posted 25 February 2010 - 09:40 PM

Most of my passwords were saved to my computer. Is it possible to find out who had remote access to my computer?

#9 aburre2

  • Topic Starter

Posted 25 February 2010 - 10:13 PM

COMBOFIX LOG
Running from: c:\documents and settings\Allen Burrell\Desktop\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\srchasst\nls302en.lex
c:\windows\system32\Install.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSVC
-------\Legacy_PEERSVC


((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-25 09:08 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-25 09:05 . 2010-02-25 09:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-25 08:16 . 2010-02-25 08:16 -------- d-----w- c:\program files\ESET
2010-02-24 08:00 . 2010-02-24 08:00 52224 ----a-w- c:\documents and settings\Allen Burrell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-24 08:00 . 2010-02-24 08:00 117760 ----a-w- c:\documents and settings\Allen Burrell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-24 07:59 . 2010-02-24 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-24 07:59 . 2010-02-25 08:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 07:59 . 2010-02-24 07:59 -------- d-----w- c:\documents and settings\Allen Burrell\Application Data\SUPERAntiSpyware.com
2010-02-24 07:38 . 2010-02-24 07:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 23:13 . 2010-02-22 23:13 -------- d-----w- c:\documents and settings\Allen Burrell\Local Settings\Application Data\Help
2010-02-22 19:55 . 2010-02-22 21:16 -------- d-----w- c:\program files\Enigma Software Group
2010-02-11 08:01 . 2010-02-25 08:38 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-02-11 03:31 . 2010-02-11 03:31 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-11 03:31 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-11 03:30 . 2010-02-11 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 03:30 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-11 01:32 . 2010-02-11 07:39 -------- d-----w- c:\documents and settings\Allen Burrell\Local Settings\Application Data\spvyxg
2010-02-11 01:32 . 2010-02-11 07:39 -------- d-----w- c:\documents and settings\Allen Burrell\Local Settings\Application Data\pbpdjr
2010-02-05 15:27 . 2010-02-05 15:27 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-02-04 18:09 . 2008-11-10 17:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-04 18:09 . 2006-10-27 01:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-04 18:04 . 2010-02-04 18:04 -------- d-----w- c:\program files\Microsoft.NET
2010-02-04 18:01 . 2010-02-04 18:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-04 18:00 . 2010-02-04 18:06 -------- d-----w- c:\windows\SHELLNEW
2010-02-04 17:59 . 2010-02-04 17:59 -------- d-----w- c:\documents and settings\Allen Burrell\Local Settings\Application Data\Microsoft Help
2010-02-04 17:59 . 2010-02-10 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-04 17:58 . 2010-02-04 17:58 -------- d-----r- C:\MSOCache
2010-02-04 17:54 . 2010-02-04 17:56 -------- d-----w- c:\temp\Office2007SP2
2010-02-04 17:54 . 2010-02-04 17:54 -------- d-----w- C:\temp
2010-02-04 05:35 . 2010-02-25 08:33 -------- d-----w- c:\program files\LimeWire
2010-02-01 06:55 . 2010-02-01 06:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-01 06:55 . 2010-02-01 06:55 -------- d-----w- c:\program files\Real
2010-02-01 06:55 . 2010-02-01 06:55 -------- d-----w- c:\program files\Common Files\Real
2010-01-31 23:19 . 2008-05-01 03:01 108488 ----a-w- c:\windows\system32\drivers\dptrackerd.sys
2010-01-27 21:15 . 2010-01-27 21:15 -------- d-----w- c:\documents and settings\Allen Burrell\Application Data\DivX
2010-01-27 21:15 . 2007-08-13 20:51 446464 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-01-27 21:14 . 2010-01-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PY_Software
2010-01-27 21:14 . 2010-02-25 08:27 -------- d-----w- c:\program files\Active WebCam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 18:29 . 2009-11-01 07:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-25 09:18 . 2010-02-25 08:48 15360 ----a-w- c:\windows\system32\OLD3A5.tmp
2010-02-25 08:37 . 2008-12-19 07:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-25 08:35 . 2008-12-19 08:02 -------- d-----w- c:\program files\Microsoft Works
2010-02-25 06:42 . 2010-02-25 06:42 44 ----a-w- c:\windows\system32\227.tmp
2010-02-24 20:32 . 2009-06-05 05:01 -------- d-----w- c:\program files\Yahoo!
2010-02-24 19:20 . 2010-02-24 19:20 44 ----a-w- c:\windows\system32\17F.tmp
2010-02-24 17:31 . 2010-02-24 17:31 44 ----a-w- c:\windows\system32\74.tmp
2010-02-24 15:02 . 2010-02-24 15:02 44 ----a-w- c:\windows\system32\28.tmp
2010-02-24 09:20 . 2009-06-05 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-24 09:20 . 2010-02-24 09:20 44 ----a-w- c:\windows\system32\4.tmp
2010-02-24 08:53 . 2010-02-24 08:53 44 ----a-w- c:\windows\system32\10.tmp
2010-02-24 07:45 . 2010-02-24 07:45 44 ----a-w- c:\windows\system32\7.tmp
2010-02-24 03:25 . 2010-02-24 03:25 44 ----a-w- c:\windows\system32\5C.tmp
2010-02-23 21:07 . 2010-02-23 21:07 44 ----a-w- c:\windows\system32\3.tmp
2010-02-23 19:34 . 2010-02-23 19:34 0 ----a-w- c:\windows\system32\40B.tmp
2010-02-23 18:27 . 2010-02-23 18:27 44 ----a-w- c:\windows\system32\3A9.tmp
2010-02-23 16:36 . 2010-02-23 16:35 44 ----a-w- c:\windows\system32\356.tmp
2010-02-23 16:20 . 2010-02-23 16:20 0 ----a-w- c:\windows\system32\353.tmp
2010-02-23 05:13 . 2010-02-23 05:13 44 ----a-w- c:\windows\system32\2F5.tmp
2010-02-22 23:31 . 2010-02-22 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-22 23:13 . 2010-02-22 23:12 -------- d-----w- c:\program files\Security Task Manager
2010-02-22 20:51 . 2010-02-22 20:51 44 ----a-w- c:\windows\system32\33.tmp
2010-02-11 08:08 . 2009-11-19 01:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-10 15:44 . 2009-06-03 02:10 85384 ----a-w- c:\documents and settings\Allen Burrell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 18:06 . 2009-08-22 08:26 -------- d-----w- c:\program files\MSBuild
2010-02-01 06:55 . 2009-06-06 20:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-01 06:55 . 2009-06-06 20:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-28 17:59 . 2009-06-03 02:10 19448 ----a-w- c:\documents and settings\Allen Burrell\Application Data\wklnhst.dat
2010-01-20 22:43 . 2010-01-20 22:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-31 16:50 . 2008-04-15 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2007-08-14 09:54 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 07:08 . 2008-04-15 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2008-04-15 04:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-15 04:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-15 04:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 21:23 . 2009-12-02 21:23 149040 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-11-28 21:57 . 2009-11-28 21:57 143976 ----a-w- c:\documents and settings\Allen Burrell\Application Data\Move Networks\uninstall.exe
2009-11-28 21:57 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Allen Burrell\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-11-01 06:00 . 2009-11-01 06:00 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]

c:\documents and settings\Allen Burrell\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/19/2008 1:48 AM 112128]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 UCORESYS;UCORESYS;c:\swsetup\SP45107\UCORESYS.SYS [7/24/2008 3:16 PM 15432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 00:02]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Allen Burrell\Application Data\Mozilla\Firefox\Profiles\140a4p55.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Allen Burrell\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 20:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,a9,cf,85,3d,eb,91,40,9b,45,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,a9,cf,85,3d,eb,91,40,9b,45,69,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-25 21:09:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 03:08
ComboFix2.txt 2010-02-12 04:25
ComboFix3.txt 2009-12-21 02:27
ComboFix4.txt 2009-11-06 06:40

Pre-Run: 46,889,902,080 bytes free
Post-Run: 46,752,755,712 bytes free

- - End Of File - - 0493819B97303A5C7FDBF150359D77AF


#10 shelf life

shelf life

  • Malware Response Team

Posted 26 February 2010 - 07:46 PM

Hi,

QUOTE
Is it possible to find out who had remote access to my computer?

No, it's not.

You also had a virus that infects files with .exe and .scr extensions. All these:
QUOTE
Win32/Virut.NBP virus

shown in the ESET log you posted. While it may be possible to clean them up with antivirus, you have many, many .exe files on your machine.

You might consider a reformat/reinstall of Windows. A reformat would wipe your hard drive clean.
You can also try another tool:


Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit icon to start the program.
* Press Start.
* Allow the program to run the initial express scan.
* This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Note: A pop-up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
* Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
* Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours.)
* During this complete scan, if Dr.Web finds an infection, a window will pop up requesting your attention. Select the Cure button.
Note: (If the file cannot be cured, Dr.Web will automatically delete the file.)
* Once the scan is complete, on the menu bar, click File and choose Report list.
* Save the report to your desktop. The report will be called DrWeb.csv
* Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
* Close Dr.Web CureIt.
* Please post the Dr.Web.txt report in your next reply.
