Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

From -- Win32.Delf.uc -- to I know not where


  • This topic is locked This topic is locked
17 replies to this topic

#1 Post

Post

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 31 July 2012 - 03:49 PM

Truly I did the best I could with the reports. Sectioned to follow with:


= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

When I downloaded Defogger I folowed instructions:

click on the
Disable button to disable your CD Emulation drivers...


click
on the Yes button to continue...

see a Finished! message. Click on
the OK button to exit the program.

untill,

If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

it "Defogger" never asked to reboot.


Here is a copy of the report generated:

.............

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:16 on 31/07/2012 (Robert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
.............

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

Please forgive me for not zipping this first file.
Both "DDS - Notepad" and "Attach - Notepad" showed up as files on the bottom line of my screen but nowhere else on my system. I have no idea as to why. I didn't want to risk loosing the information so I did a copy and past into here to insure keeping the info.

As I suspected, Malwarebytes' kept popping up screens saying this file or that file was dangerous whatever ~~ anyway I missed saving the two files to the desktop. So, I'm glad I saved them here.



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
C-Media 3D Audio
Dazzle MovieStar 5
EASEUS Data Recovery Wizard Free Edition 5.0.1
EASEUS Partition Recovery 5.0.1
ewido anti-spyware 4.0
Google Update Helper
HijackThis 1.99.1
HLPCCTR
Intel® Network Connections Drivers
Java Auto Updater
Java™ 6 Update 23
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
QuickTime
RealUpgrade 1.1
Spybot - Search & Destroy
Viewpoint Media Player
WebFldrs XP
Windows XP Service Pack 3
.
==== End Of File ===========================

.............

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Run by Robert at 12:31:45 on 2012-07-31
.
============== Pseudo HJT Report ===============
.
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\nxwcprxv.default\
FF - prefs.js: browser.startup.homepage - hxxp://bigcharts.marketwatch.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6851a895-bb90-4084-8311-97a3165e2728%7D&mid=9f8d73e4728047d1b3bfd14acce4e9e6-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=ts025&v=11.1.0.12&lang=en&pr=sa&d=2012-07-10%2009%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112049&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 68d49a7a000000000000000c7661288c
FF - user.js: extensions.BabylonToolbar_i.hardId - 68d49a7a000000000000000c7661288c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15497
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:02:26
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MozillaMaintenance;Mozilla Maintenance Service
R? prwntdrv;prwntdrv
R? Psmanages;Protected Storage Manage Support
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
.
=============== File Associations ===============
.
inffile=%windir%\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-28 22:59:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 19:48:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:47:41 9216 ----a-w- c:\windows\system32\proxycfg.exe
2012-07-06 05:47:26 13824 ----a-w- c:\windows\system32\rexec.exe
2012-07-06 05:47:22 4608 ----a-w- c:\windows\system32\mqsvc.exe
2012-07-06 05:47:22 32256 ----a-w- c:\windows\system32\wpabaln.exe
2012-07-06 05:47:20 75776 ----a-w- c:\windows\system32\telnet.exe
2012-07-06 05:47:19 14848 ----a-w- c:\windows\system32\stimon.exe
2012-07-06 05:47:18 26112 ----a-w- c:\windows\system32\skeys.exe
2012-07-06 05:47:17 11264 ----a-w- c:\windows\system32\atmadm.exe
2012-07-06 05:47:13 21504 ----a-w- c:\windows\system32\rcp.exe
2012-07-06 05:47:09 16896 ----a-w- c:\windows\system32\upnpcont.exe
2012-07-06 05:47:00 23040 ----a-w- c:\windows\system32\setup.exe
2012-07-06 05:46:55 13824 ----a-w- c:\windows\system32\rdsaddin.exe
2012-07-06 05:46:50 109568 ----a-w- c:\windows\system32\progman.exe
2012-07-06 05:46:45 12288 ----a-w- c:\windows\system32\mstinit.exe
2012-07-06 05:46:41 7680 ----a-w- c:\windows\system32\forcedos.exe
2012-07-06 05:46:34 4096 ----a-w- c:\windows\system32\nddeapir.exe
2012-07-06 05:46:34 11264 ----a-w- c:\windows\system32\wpnpinst.exe
2012-07-06 05:46:32 13312 ----a-w- c:\windows\system32\savedump.exe
2012-07-06 05:46:31 4096 ----a-w- c:\windows\system32\actmovie.exe
2012-07-06 05:46:27 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2012-07-06 05:45:08 233472 ----a-w- c:\windows\system32\cmirmdrv.exe
2012-07-06 05:44:31 77824 ----a-w- c:\windows\system32\wmpstub.exe
2012-07-06 05:44:16 1458176 ----a-w- c:\windows\system\SmWizard.exe
2012-07-06 05:44:04 82944 ----a-w- c:\windows\system32\eventtriggers.exe
2012-07-06 05:42:59 16896 ----a-w- c:\windows\system32\tftp.exe
2012-07-06 05:41:54 4608 ----a-w- c:\windows\system32\dllhst3g.exe
2012-07-06 05:41:49 13824 ----a-w- c:\windows\system32\convert.exe
2012-07-06 05:41:46 8192 ----a-w- c:\windows\system32\cidaemon.exe
2012-07-06 05:41:46 7680 ----a-w- c:\windows\system32\ckcnv.exe
2012-07-06 05:41:43 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-06 05:41:41 16896 ----a-w- c:\windows\system32\tsshutdn.exe
2012-07-06 05:41:40 5120 ----a-w- c:\windows\system32\bootvrfy.exe
2012-07-06 05:41:39 4608 ----a-w- c:\windows\system32\bootok.exe
2012-07-06 05:41:36 32256 ----a-w- c:\windows\system32\asr_ldm.exe
2012-07-06 05:41:08 16896 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-17 18:14:26 4142392 ----a-w- c:\windows\uninst.exe
.
============= FINISH: 12:35:24.89 ===============


= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

Attached Files

  • Attached File  ark.txt   28.9KB   1 downloads

Edited by Post, 01 August 2012 - 02:04 PM.


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 05 August 2012 - 01:01 PM

Please run the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Edited by CatByte, 05 August 2012 - 01:02 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 06 August 2012 - 12:31 AM

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

ComboFix has detected the following real time scanner(s) to be active:

antivirus: AVG Anti-Virus 2012

I'm sure I removed that a long time ago. Its not found under "All programs" or
in the control panel under "Add or Remove Programs".



Could it be finding an artifact, because even Search isn't turning up anything
after a 30 min search. I going to let it run its course but its taking a long,
long time. Ok, no soap but I'm going to check the Download sub-directory.


I found the install icon and have deleted it before clicking on "OK". I only
hope this completely removes the issue.

Again, thank you for all your help...

Robert / Post

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

ComboFix 12-08-05.02 - Robert 08/05/2012 23:03:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.900 [GMT -6:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spoolsv.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-03 23:50 . 2012-08-03 23:50 -------- d-----w- c:\windows\Spell Check Anywhere
2012-07-28 18:24 . 2012-07-28 18:24 -------- d-----w- c:\documents and settings\Robert\Application Data\Malwarebytes
2012-07-28 18:23 . 2012-07-28 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-28 18:23 . 2012-07-28 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 18:23 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 17:46 . 2012-07-28 17:46 -------- d-----w- c:\program files\Google
2012-07-28 17:46 . 2012-07-28 17:46 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\Google
2012-07-28 17:46 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-28 17:46 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-28 17:46 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-28 17:46 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-28 17:46 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-28 17:46 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-28 17:46 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-28 17:46 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-28 17:45 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-28 17:45 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-28 17:44 . 2012-07-28 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-28 17:44 . 2012-07-28 17:44 -------- d-----w- c:\program files\AVAST Software
2012-07-27 19:48 . 2012-07-28 22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 19:48 . 2012-07-27 19:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-10 15:37 . 2012-07-10 15:37 -------- d-----w- c:\documents and settings\Robert\Application Data\AVG Secure Search
2012-07-10 15:36 . 2012-07-10 15:37 -------- d-----w- c:\documents and settings\Robert\Application Data\FixCleaner
2012-07-10 15:36 . 2012-07-10 16:01 -------- d-----w- c:\program files\FixCleaner
2012-07-08 05:40 . 2012-07-08 05:40 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-08 05:40 . 2012-07-08 05:40 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 05:47 . 2001-08-23 12:00 9216 ----a-w- c:\windows\system32\proxycfg.exe
2012-07-06 05:47 . 2001-08-23 12:00 13824 ----a-w- c:\windows\system32\rexec.exe
2012-07-06 05:47 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2012-07-06 05:47 . 2001-08-23 12:00 32256 ----a-w- c:\windows\system32\wpabaln.exe
2012-07-06 05:47 . 2002-08-29 11:41 75776 ----a-w- c:\windows\system32\telnet.exe
2012-07-06 05:47 . 2001-08-23 12:00 14848 ----a-w- c:\windows\system32\stimon.exe
2012-07-06 05:47 . 2011-01-08 09:28 26112 ----a-w- c:\windows\system32\skeys.exe
2012-07-06 05:47 . 2001-08-23 12:00 11264 ----a-w- c:\windows\system32\atmadm.exe
2012-07-06 05:47 . 2001-08-23 12:00 21504 ----a-w- c:\windows\system32\rcp.exe
2012-07-06 05:47 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\upnpcont.exe
2012-07-06 05:47 . 2011-01-08 09:28 23040 ----a-w- c:\windows\system32\setup.exe
2012-07-06 05:46 . 2011-01-08 09:28 13824 ----a-w- c:\windows\system32\rdsaddin.exe
2012-07-06 05:46 . 2001-08-23 12:00 109568 ----a-w- c:\windows\system32\progman.exe
2012-07-06 05:46 . 2011-01-08 09:28 12288 ----a-w- c:\windows\system32\mstinit.exe
2012-07-06 05:46 . 2001-08-23 12:00 7680 ----a-w- c:\windows\system32\forcedos.exe
2012-07-06 05:46 . 2001-08-23 12:00 4096 ----a-w- c:\windows\system32\nddeapir.exe
2012-07-06 05:46 . 2001-08-23 12:00 11264 ----a-w- c:\windows\system32\wpnpinst.exe
2012-07-06 05:46 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\savedump.exe
2012-07-06 05:46 . 2001-08-23 12:00 4096 ----a-w- c:\windows\system32\actmovie.exe
2012-07-06 05:46 . 2008-04-14 13:42 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2012-07-06 05:45 . 2012-01-11 20:24 233472 ----a-w- c:\windows\system32\cmirmdrv.exe
2012-07-06 05:44 . 2011-01-08 09:28 77824 ----a-w- c:\windows\system32\wmpstub.exe
2012-07-06 05:44 . 2012-01-11 20:25 1458176 ----a-w- c:\windows\system\SmWizard.exe
2012-07-06 05:44 . 2001-08-23 12:00 82944 ----a-w- c:\windows\system32\eventtriggers.exe
2012-07-06 05:43 . 2001-08-23 12:00 30208 ----a-w- c:\windows\system32\ddeshare.exe
2012-07-06 05:43 . 2011-01-08 19:56 35328 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\notiflag.exe
2012-07-06 05:43 . 2011-01-08 19:55 5632 ----a-w- c:\windows\system32\write.exe
2012-07-06 05:43 . 2001-08-23 12:00 40448 ----a-w- c:\windows\system32\osuninst.exe
2012-07-06 05:43 . 2001-08-17 22:37 69632 ----a-w- c:\windows\system32\usrshuta.exe
2012-07-06 05:43 . 2001-08-17 22:37 61440 ----a-w- c:\windows\system32\usrprbda.exe
2012-07-06 05:43 . 2001-08-17 22:37 77824 ----a-w- c:\windows\system32\usrmlnka.exe
2012-07-06 05:43 . 2001-08-23 12:00 15360 ----a-w- c:\windows\system32\pentnt.exe
2012-07-06 05:43 . 2001-08-23 12:00 51712 ----a-w- c:\windows\system32\migpwd.exe
2012-07-06 05:43 . 2001-08-23 12:00 14848 ----a-w- c:\windows\system32\rsh.exe
2012-07-06 05:43 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\cliconfg.exe
2012-07-06 05:43 . 2001-08-23 12:00 11776 ----a-w- c:\windows\system32\winmsd.exe
2012-07-06 05:43 . 2001-08-23 12:00 25600 ----a-w- c:\windows\twunk_32.exe
2012-07-06 05:43 . 2001-08-23 12:00 31744 ----a-w- c:\windows\system32\tracert6.exe
2012-07-06 05:43 . 2001-08-23 12:00 15872 ----a-w- c:\windows\system32\dmremote.exe
2012-07-06 05:42 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\tftp.exe
2012-07-06 05:42 . 2001-08-23 12:00 19456 ----a-w- c:\windows\system32\tcpsvcs.exe
2012-07-06 05:42 . 2001-08-23 12:00 15360 ----a-w- c:\windows\system32\taskman.exe
2012-07-06 05:42 . 2001-08-23 12:00 51200 ----a-w- c:\windows\system32\syncapp.exe
2012-07-06 05:42 . 2011-01-08 19:54 13312 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2012-07-06 05:42 . 2001-08-23 12:00 49152 ----a-w- c:\windows\system32\rsmui.exe
2012-07-06 05:42 . 2001-08-23 12:00 24576 ----a-w- c:\windows\system32\rsmsink.exe
2012-07-06 05:42 . 2001-08-23 12:00 49152 ----a-w- c:\windows\system32\rsm.exe
2012-07-06 05:42 . 2001-08-23 12:00 25600 ----a-w- c:\windows\system32\routemon.exe
2012-07-06 05:42 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\regwiz.exe
2012-07-06 05:42 . 2001-08-23 12:00 3584 ----a-w- c:\windows\system32\regedt32.exe
2012-07-06 05:42 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\ping6.exe
2012-07-06 05:42 . 2001-08-23 12:00 126464 ----a-w- c:\windows\system32\nwscript.exe
2012-07-06 05:42 . 2001-08-23 12:00 31744 ----a-w- c:\windows\system32\ntsd.exe
2012-07-06 05:42 . 2001-08-23 12:00 6656 ----a-w- c:\windows\system32\msswchx.exe
2012-07-06 05:42 . 2011-01-08 11:46 15360 ----a-w- c:\windows\TASKMAN.EXE
2012-07-06 05:42 . 2011-01-08 19:54 33792 ----a-w- c:\windows\system32\regini.exe
2012-07-06 05:42 . 2001-08-23 12:00 6144 ----a-w- c:\windows\system32\lpq.exe
2012-07-06 05:42 . 2001-08-23 12:00 8192 ----a-w- c:\windows\system32\lpr.exe
2012-07-06 05:42 . 2001-08-23 12:00 29696 ----a-w- c:\windows\system32\lights.exe
2012-07-06 05:42 . 2001-08-23 12:00 44032 ----a-w- c:\windows\system32\ipsec6.exe
2012-07-06 05:42 . 2001-08-23 12:00 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2012-07-06 05:41 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\dllhst3g.exe
2012-07-06 05:41 . 2001-08-23 12:00 13824 ----a-w- c:\windows\system32\convert.exe
2012-07-06 05:41 . 2001-08-23 12:00 8192 ----a-w- c:\windows\system32\cidaemon.exe
2012-07-06 05:41 . 2001-08-23 12:00 7680 ----a-w- c:\windows\system32\ckcnv.exe
2012-07-06 05:41 . 2012-02-17 18:17 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-06 05:41 . 2011-01-08 19:54 16896 ----a-w- c:\windows\system32\tsshutdn.exe
2012-07-06 05:41 . 2001-08-23 12:00 5120 ----a-w- c:\windows\system32\bootvrfy.exe
2012-07-06 05:41 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\bootok.exe
2012-07-06 05:41 . 2001-08-23 12:00 32256 ----a-w- c:\windows\system32\asr_ldm.exe
2012-07-06 05:41 . 2011-01-08 19:54 16896 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2012-07-06 05:38 . 2011-01-08 09:28 18432 ----a-w- c:\windows\system32\ups.exe
2012-07-06 05:38 . 2011-01-08 09:29 73216 ----a-w- c:\windows\system32\tlntsvr.exe
2012-07-06 05:38 . 2011-01-08 09:28 89600 ----a-w- c:\windows\system32\smlogsvc.exe
2012-07-06 05:38 . 2001-08-23 12:00 95744 ----a-w- c:\windows\system32\scardsvr.exe
2012-07-06 05:38 . 2001-08-23 12:00 132608 ----a-w- c:\windows\system32\rsvp.exe
2012-07-06 05:38 . 2011-01-08 19:54 141312 ----a-w- c:\windows\system32\sessmgr.exe
2012-07-06 05:38 . 2011-01-08 09:28 111104 ----a-w- c:\windows\system32\netdde.exe
2012-07-06 05:38 . 2011-01-08 19:56 32768 ----a-w- c:\windows\system32\mnmsrvc.exe
2012-07-06 05:38 . 2011-01-08 09:28 150528 ----a-w- c:\windows\system32\imapi.exe
2012-07-06 05:38 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\clipsrv.exe
2012-07-06 05:38 . 2001-08-23 12:00 224768 ----a-w- c:\windows\system32\dmadmin.exe
2012-07-06 05:38 . 2001-08-23 12:00 5632 ----a-w- c:\windows\system32\cisvc.exe
2012-07-06 05:38 . 2002-08-29 11:41 146432 ------w- c:\windows\regedit.exe
2012-07-06 05:38 . 2011-01-08 10:07 13824 ----a-w- c:\windows\system32\wscntfy.exe
2012-07-06 05:38 . 2011-01-29 06:07 65536 ----a-w- c:\windows\wanmpsvc.exe
2012-06-17 18:14 . 2012-06-17 18:16 4142392 ----a-w- c:\windows\uninst.exe
2012-07-19 21:41 . 2012-05-25 17:45 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-06 . ED877BA2E645B2BA67BED88BFA3B0336 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 . 767C78C8F10EE2D66E3899D12D3A001E . 65024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . FA3F98C2044902FDB864AC065126DF4B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
.
[-] 2012-07-06 . 24D35D4D49B6022A5433124A5F9BF733 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 24D35D4D49B6022A5433124A5F9BF733 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2002-08-29 . 1A295C9CD125081DC8075F5256DD5D4B . 29184 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . B516F82688F68AF669E5EC73585A23AB . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 34103FF33E1717A930A1DE3475982DC4 . 1040896 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-08-29 . 7FE0D25AC6EA8D5F2B535683B12F4A23 . 1011200 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2012-07-06 . A821B1D2C96C2A0CF4870199F7965C88 . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . DA5DBD2A0B69089A202F7287D2DA4E6C . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2002-08-29 . C3CC841147F118C78743F2FDECB91714 . 141312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2012-07-06 . A4833C0AA7FFC553BE677B9C5A8FA129 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 . 1BE484DD7DA493630808220BF4B24249 . 22528 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . D459F2A955DDC55572402EE0BB1FED73 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2012-07-06 . 55B85B6A88AC6D42DB875B969B1302DF . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 78D97BDF73383EE515FFFE28DE628833 . 20992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
.
[-] 2012-07-06 . 59C459C622662B0A357F0DCDC000F0DB . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2002-08-29 . A8D1A4739C3074E04DF2CED8EFE41E63 . 98304 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"RunSpellCheckAnywhere"="c:\program files\Spell Check Anywhere\sastarter.exe" [2009-04-23 73728]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/28/2012 11:46 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/28/2012 11:46 AM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/28/2012 11:46 AM 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/28/2012 12:23 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2012 12:23 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2012 11:46 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2012 11:46 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/25/2012 11:46 AM 113120]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [1/8/2011 7:23 PM 13064]
S4 Psmanages;Protected Storage Manage Support;"c:\windows\system\smsc.exe" --> c:\windows\system\smsc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-28 16:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-28 17:46]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-28 17:46]
.
2012-08-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-12-14 22:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bigcharts.com/
TCP: DhcpNameServer = 192.168.0.1 205.171.2.65
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\nxwcprxv.default\
FF - prefs.js: browser.startup.homepage - hxxp://bigcharts.marketwatch.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6851a895-bb90-4084-8311-97a3165e2728%7D&mid=9f8d73e4728047d1b3bfd14acce4e9e6-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=ts025&v=11.1.0.12&lang=en&pr=sa&d=2012-07-10%2009%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112049&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 68d49a7a000000000000000c7661288c
FF - user.js: extensions.BabylonToolbar_i.hardId - 68d49a7a000000000000000c7661288c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15497
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:02
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-C-Media Audio - c:\windows\CMIUnInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 23:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-05 23:16:29
ComboFix-quarantined-files.txt 2012-08-06 05:16
.
Pre-Run: 108,968,083,456 bytes free
Post-Run: 109,083,713,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(2ea02ea)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
signature(2ea02ea)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 0FB5A1E1D55CECF02A26DF1A8E616A90


= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 06 August 2012 - 07:47 AM

There are a few infected core files that we need to find replacements for, please run the following:



Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run. Please RENAME this log to FFS1.txt as we have to re-run the tool and the info doesn't append, it overwrites
  • Please copy and paste the log to your reply.

NEXT


Please re-run Farbar Service Scanner.
Type the following in the edit box after "Search:".

spoolsv.exe;userinit.exe;explorer.exe;regedit.exe;ctfmon.exe;wscntfy.exe;iexplore.exe

Click Search Files button and post the log (FSS.txt) it makes to your reply.


NEXT


go to Start > Control panel >add/remove programs > scroll down to see if you can find an entry there called "Babylon Toolbar", if it is there, REMOVE it.

let me know if you find it

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 06 August 2012 - 04:13 PM

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

I checked. There is no "Babylon Toolbar" in the Add or Remove Programs.

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =


FFS1.txt


Farbar Service Scanner Version: 06-08-2012
Ran by Robert (administrator) on 06-08-2012 at 14:59:18
Running from "C:\Documents and Settings\Robert\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B0000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =


= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =


Farbar Service Scanner Version: 06-08-2012
Ran by Robert (administrator) on 06-08-2012 at 15:03:28
Microsoft Windows XP Service Pack 3 (X86)

************************************************
======== Search: "spoolsv.exe;userinit.exe;explorer.exe;regedit.exe;ctfmon.exe;wscntfy.exe;iexplore.exe" =========

C:\WINDOWS\explorer.exe
[2011-01-08 03:28] - [2008-04-14 07:42] - 1033728 ____A (Microsoft Corporation) B516F82688F68AF669E5EC73585A23AB

C:\WINDOWS\regedit.exe
[2002-08-29 05:41] - [2012-07-05 23:38] - 0146432 ____N (Microsoft Corporation) A821B1D2C96C2A0CF4870199F7965C88

C:\WINDOWS\system32\ctfmon.exe
[2011-01-08 03:28] - [2008-04-14 07:42] - 0015360 ____A (Microsoft Corporation) D459F2A955DDC55572402EE0BB1FED73

C:\WINDOWS\system32\spoolsv.exe
[2001-08-23 06:00] - [2008-04-14 07:42] - 0057856 ____A (Microsoft Corporation) FA3F98C2044902FDB864AC065126DF4B

C:\WINDOWS\system32\userinit.exe
[2001-08-23 06:00] - [2008-04-14 07:42] - 0026112 ____A (Microsoft Corporation) 24D35D4D49B6022A5433124A5F9BF733

C:\WINDOWS\system32\wscntfy.exe
[2011-01-08 04:07] - [2012-07-05 23:38] - 0013824 ____A (Microsoft Corporation) 55B85B6A88AC6D42DB875B969B1302DF

C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2011-01-08 03:29] - [2008-04-14 07:42] - 0022528 ____N () 1BE484DD7DA493630808220BF4B24249

C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011-01-08 03:29] - [2008-04-14 07:42] - 1040896 ____N () 34103FF33E1717A930A1DE3475982DC4

C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2011-01-08 03:29] - [2012-07-05 23:44] - 0093184 ____A (Microsoft Corporation) 59C459C622662B0A357F0DCDC000F0DB

C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2002-08-29 05:41] - [2008-04-14 07:42] - 0153600 ____N () DA5DBD2A0B69089A202F7287D2DA4E6C

C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2011-01-08 04:06] - [2008-04-14 07:42] - 0065024 ____N () 767C78C8F10EE2D66E3899D12D3A001E

C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011-01-08 03:29] - [2012-07-05 23:43] - 0026112 ____A (Microsoft Corporation) 24D35D4D49B6022A5433124A5F9BF733

C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe
[2011-01-08 04:07] - [2008-04-14 07:42] - 0020992 ____N () 78D97BDF73383EE515FFFE28DE628833

C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2011-01-08 04:04] - [2012-07-05 23:46] - 0013312 ___AC (Microsoft Corporation) A4833C0AA7FFC553BE677B9C5A8FA129

C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2011-01-08 04:04] - [2002-08-29 05:41] - 1011200 ____C () 7FE0D25AC6EA8D5F2B535683B12F4A23

C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2011-01-08 04:04] - [2002-08-29 05:41] - 0098304 ____C () A8D1A4739C3074E04DF2CED8EFE41E63

C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2011-01-08 04:04] - [2002-08-29 05:41] - 0141312 ____C () C3CC841147F118C78743F2FDECB91714

C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2011-01-08 04:03] - [2012-07-05 23:41] - 0051200 ___AC (Microsoft Corporation) ED877BA2E645B2BA67BED88BFA3B0336

C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2011-01-08 04:03] - [2002-08-29 05:41] - 0029184 ____C () 1A295C9CD125081DC8075F5256DD5D4B

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012-07-28 12:23] - [2012-07-03 13:46] - 0217672 ____A () 8A7F34F0BBD076EC3815680A7309114F

C:\Program Files\Internet Explorer\iexplore.exe
[2011-01-08 03:28] - [2012-07-05 23:38] - 0093184 ____A (Microsoft Corporation) 59C459C622662B0A357F0DCDC000F0DB

====== End Of Search ======

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 06 August 2012 - 04:43 PM

do you have access to your installation disk?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 07 August 2012 - 01:57 PM

Posted Yesterday, 03:43 PM
do you have access to your installation disk?

Not for a long time now. It use to be in the pile of originals we
keep in the closet. I've only been able to find, maybe half of them.

So, no. I'm unable to find the original CD.

Are there any suggestions you can offer?

Robert / Post

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 07 August 2012 - 02:56 PM

reinstall SP3 over top of the installation that you have

then re-run ComboFix to see if it can replace the infected files

download SP3 from the following link, (it says IT pro version, but it is fine for you)

http://www.microsoft.com/en-us/download/details.aspx?id=24

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 08 August 2012 - 03:55 PM

Ok, that seemed to go well. I looked, didn't scour but looked at the report... Can you tell me, thumb-nail what it said? And would you tell me what books I can read to gain understand as to what the report is saying? I'll do the work, the reading, just point me in the right direction, please.

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

ComboFix 12-08-05.02 - Robert 08/08/2012 14:30:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1029 [GMT -6:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 19:53 . 2008-04-14 11:42 73728 ------w- c:\program files\Windows Media Player\wmplayer.exe
2012-08-08 19:53 . 2008-04-14 11:42 774144 ------w- c:\program files\Windows Media Player\setup_wm.exe
2012-08-08 19:53 . 2008-04-14 11:42 4639 ------w- c:\program files\Windows Media Player\mplayer2.exe
2012-08-08 19:53 . 2008-04-14 11:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-08 19:53 . 2008-04-14 11:42 218112 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2012-08-08 19:53 . 2008-04-14 11:42 123392 ------w- c:\windows\system32\mplay32.exe
2012-08-08 19:52 . 2006-12-29 06:31 19569 ----a-w- c:\windows\000002_.tmp
2012-08-03 23:50 . 2012-08-03 23:50 -------- d-----w- c:\windows\Spell Check Anywhere
2012-07-28 18:24 . 2012-07-28 18:24 -------- d-----w- c:\documents and settings\Robert\Application Data\Malwarebytes
2012-07-28 18:23 . 2012-07-28 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-28 18:23 . 2012-07-28 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 18:23 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 17:46 . 2012-07-28 17:46 -------- d-----w- c:\program files\Google
2012-07-28 17:46 . 2012-07-28 17:46 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\Google
2012-07-28 17:46 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-28 17:46 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-28 17:46 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-28 17:46 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-28 17:46 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-28 17:46 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-28 17:46 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-28 17:46 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-28 17:45 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-28 17:45 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-28 17:44 . 2012-07-28 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-28 17:44 . 2012-07-28 17:44 -------- d-----w- c:\program files\AVAST Software
2012-07-27 19:48 . 2012-07-28 22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 19:48 . 2012-07-27 19:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-10 15:37 . 2012-07-10 15:37 -------- d-----w- c:\documents and settings\Robert\Application Data\AVG Secure Search
2012-07-10 15:36 . 2012-07-10 15:37 -------- d-----w- c:\documents and settings\Robert\Application Data\FixCleaner
2012-07-10 15:36 . 2012-07-10 16:01 -------- d-----w- c:\program files\FixCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 05:45 . 2012-01-11 20:24 233472 ----a-w- c:\windows\system32\cmirmdrv.exe
2012-07-06 05:44 . 2011-01-08 09:28 77824 ----a-w- c:\windows\system32\wmpstub.exe
2012-07-06 05:44 . 2012-01-11 20:25 1458176 ----a-w- c:\windows\system\SmWizard.exe
2012-07-06 05:43 . 2011-01-08 19:56 35328 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\notiflag.exe
2012-07-06 05:43 . 2011-01-08 19:55 5632 ----a-w- c:\windows\system32\write.exe
2012-07-06 05:43 . 2001-08-23 12:00 40448 ----a-w- c:\windows\system32\osuninst.exe
2012-07-06 05:43 . 2001-08-17 22:37 69632 ----a-w- c:\windows\system32\usrshuta.exe
2012-07-06 05:43 . 2001-08-17 22:37 61440 ----a-w- c:\windows\system32\usrprbda.exe
2012-07-06 05:43 . 2001-08-17 22:37 77824 ----a-w- c:\windows\system32\usrmlnka.exe
2012-07-06 05:43 . 2001-08-23 12:00 15360 ----a-w- c:\windows\system32\pentnt.exe
2012-07-06 05:43 . 2001-08-23 12:00 51712 ----a-w- c:\windows\system32\migpwd.exe
2012-07-06 05:43 . 2001-08-23 12:00 11776 ----a-w- c:\windows\system32\winmsd.exe
2012-07-06 05:43 . 2001-08-23 12:00 25600 ----a-w- c:\windows\twunk_32.exe
2012-07-06 05:43 . 2001-08-23 12:00 31744 ----a-w- c:\windows\system32\tracert6.exe
2012-07-06 05:42 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\tftp.exe
2012-07-06 05:42 . 2001-08-23 12:00 19456 ----a-w- c:\windows\system32\tcpsvcs.exe
2012-07-06 05:42 . 2001-08-23 12:00 15360 ----a-w- c:\windows\system32\taskman.exe
2012-07-06 05:42 . 2001-08-23 12:00 51200 ----a-w- c:\windows\system32\syncapp.exe
2012-07-06 05:42 . 2011-01-08 19:54 13312 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2012-07-06 05:42 . 2001-08-23 12:00 49152 ----a-w- c:\windows\system32\rsmui.exe
2012-07-06 05:42 . 2001-08-23 12:00 24576 ----a-w- c:\windows\system32\rsmsink.exe
2012-07-06 05:42 . 2001-08-23 12:00 49152 ----a-w- c:\windows\system32\rsm.exe
2012-07-06 05:42 . 2001-08-23 12:00 25600 ----a-w- c:\windows\system32\routemon.exe
2012-07-06 05:42 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\regwiz.exe
2012-07-06 05:42 . 2001-08-23 12:00 3584 ----a-w- c:\windows\system32\regedt32.exe
2012-07-06 05:42 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\ping6.exe
2012-07-06 05:42 . 2001-08-23 12:00 126464 ----a-w- c:\windows\system32\nwscript.exe
2012-07-06 05:42 . 2001-08-23 12:00 31744 ----a-w- c:\windows\system32\ntsd.exe
2012-07-06 05:42 . 2001-08-23 12:00 6656 ----a-w- c:\windows\system32\msswchx.exe
2012-07-06 05:42 . 2011-01-08 11:46 15360 ----a-w- c:\windows\TASKMAN.EXE
2012-07-06 05:42 . 2011-01-08 19:54 33792 ----a-w- c:\windows\system32\regini.exe
2012-07-06 05:42 . 2001-08-23 12:00 6144 ----a-w- c:\windows\system32\lpq.exe
2012-07-06 05:42 . 2001-08-23 12:00 8192 ----a-w- c:\windows\system32\lpr.exe
2012-07-06 05:42 . 2001-08-23 12:00 29696 ----a-w- c:\windows\system32\lights.exe
2012-07-06 05:42 . 2001-08-23 12:00 44032 ----a-w- c:\windows\system32\ipsec6.exe
2012-07-06 05:42 . 2001-08-23 12:00 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2012-07-06 05:41 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\dllhst3g.exe
2012-07-06 05:41 . 2001-08-23 12:00 13824 ----a-w- c:\windows\system32\convert.exe
2012-07-06 05:41 . 2001-08-23 12:00 8192 ----a-w- c:\windows\system32\cidaemon.exe
2012-07-06 05:41 . 2001-08-23 12:00 7680 ----a-w- c:\windows\system32\ckcnv.exe
2012-07-06 05:41 . 2012-02-17 18:17 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-06 05:41 . 2011-01-08 19:54 16896 ----a-w- c:\windows\system32\tsshutdn.exe
2012-07-06 05:41 . 2001-08-23 12:00 5120 ----a-w- c:\windows\system32\bootvrfy.exe
2012-07-06 05:41 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\bootok.exe
2012-07-06 05:41 . 2001-08-23 12:00 32256 ----a-w- c:\windows\system32\asr_ldm.exe
2012-07-06 05:41 . 2011-01-08 19:54 16896 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2012-07-06 05:38 . 2001-08-23 12:00 132608 ----a-w- c:\windows\system32\rsvp.exe
2012-07-06 05:38 . 2011-01-29 06:07 65536 ----a-w- c:\windows\wanmpsvc.exe
2012-06-17 18:14 . 2012-06-17 18:16 4142392 ----a-w- c:\windows\uninst.exe
2012-06-02 21:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2011-01-08 10:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2011-01-08 10:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2011-01-08 10:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2011-01-08 10:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2011-01-08 09:28 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2011-01-08 09:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2011-01-08 10:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2011-01-08 09:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-19 21:41 . 2012-05-25 17:45 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_05.12.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 13:42 . 2008-04-14 13:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2011-01-08 10:07 . 2008-04-14 11:42 13824 c:\windows\system32\wscntfy.exe
- 2011-01-08 10:07 . 2012-07-06 05:38 13824 c:\windows\system32\wscntfy.exe
- 2001-08-23 12:00 . 2012-07-06 05:46 11264 c:\windows\system32\wpnpinst.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 11264 c:\windows\system32\wpnpinst.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 32256 c:\windows\system32\wpabaln.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 32256 c:\windows\system32\wpabaln.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 65024 c:\windows\system32\wextract.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 65024 c:\windows\system32\wextract.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 28672 c:\windows\system32\verclsid.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 50176 c:\windows\system32\utilman.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 50176 c:\windows\system32\utilman.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 26112 c:\windows\system32\userinit.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 26112 c:\windows\system32\userinit.exe
- 2011-01-08 09:28 . 2012-07-06 05:38 18432 c:\windows\system32\ups.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 18432 c:\windows\system32\ups.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 16896 c:\windows\system32\upnpcont.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 16896 c:\windows\system32\upnpcont.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 60416 c:\windows\system32\tzchange.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 12288 c:\windows\system32\tracert.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 12288 c:\windows\system32\tracert.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 73216 c:\windows\system32\tlntsvr.exe
- 2011-01-08 09:29 . 2012-07-06 05:38 73216 c:\windows\system32\tlntsvr.exe
- 2002-08-29 11:41 . 2012-07-06 05:47 75776 c:\windows\system32\telnet.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 75776 c:\windows\system32\telnet.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 77824 c:\windows\system32\tasklist.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 77824 c:\windows\system32\tasklist.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 76288 c:\windows\system32\taskkill.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 76288 c:\windows\system32\taskkill.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 71680 c:\windows\system32\systeminfo.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 71680 c:\windows\system32\systeminfo.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 14848 c:\windows\system32\stimon.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 14848 c:\windows\system32\stimon.exe
+ 2008-04-14 11:42 . 2008-04-14 11:42 20992 c:\windows\system32\spupdwxp.exe
+ 2011-01-08 10:04 . 2007-08-11 02:46 26488 c:\windows\system32\spupdsvc.exe
- 2011-01-08 10:04 . 2007-08-11 04:46 26488 c:\windows\system32\spupdsvc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 57856 c:\windows\system32\spoolsv.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 57856 c:\windows\system32\spoolsv.exe
+ 2008-04-14 11:42 . 2008-04-14 11:42 11264 c:\windows\system32\spnpinst.exe
+ 2011-01-08 09:27 . 2007-08-11 02:46 17272 c:\windows\system32\spmsg.dll
- 2011-01-08 09:27 . 2007-08-11 04:46 17272 c:\windows\system32\spmsg.dll
+ 2012-08-08 19:54 . 2008-04-14 06:13 12800 c:\windows\system32\spiisupd.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 24576 c:\windows\system32\sort.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 24576 c:\windows\system32\sort.exe
+ 2012-08-06 20:40 . 2012-06-02 21:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-08-06 20:40 . 2012-06-02 21:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2012-08-08 19:54 . 2008-04-14 11:42 10752 c:\windows\system32\smtpapi.dll
- 2011-01-08 09:28 . 2012-07-06 05:38 89600 c:\windows\system32\smlogsvc.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 89600 c:\windows\system32\smlogsvc.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 73796 c:\windows\system32\slserv.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 32866 c:\windows\system32\slrundll.exe
- 2011-01-08 09:28 . 2012-07-06 05:47 26112 c:\windows\system32\skeys.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 26112 c:\windows\system32\skeys.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 70144 c:\windows\system32\sigverif.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 70144 c:\windows\system32\sigverif.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 19456 c:\windows\system32\shutdown.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 19456 c:\windows\system32\shutdown.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 77824 c:\windows\system32\shrpubw.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 77824 c:\windows\system32\shrpubw.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 32768 c:\windows\system32\setupn.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 23040 c:\windows\system32\setup.exe
- 2011-01-08 09:28 . 2012-07-06 05:47 23040 c:\windows\system32\setup.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 31232 c:\windows\system32\sethc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 31232 c:\windows\system32\sethc.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 18944 c:\windows\system32\secedit.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 18944 c:\windows\system32\secedit.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 77312 c:\windows\system32\sdbinst.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 77312 c:\windows\system32\sdbinst.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 95744 c:\windows\system32\scardsvr.exe
- 2001-08-23 12:00 . 2012-07-06 05:38 95744 c:\windows\system32\scardsvr.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 13312 c:\windows\system32\savedump.exe
- 2001-08-23 12:00 . 2012-07-06 05:46 13312 c:\windows\system32\savedump.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 14336 c:\windows\system32\runonce.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 14336 c:\windows\system32\runonce.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 33280 c:\windows\system32\rundll32.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 33280 c:\windows\system32\rundll32.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 14848 c:\windows\system32\rsh.exe
- 2001-08-23 12:00 . 2012-07-06 05:43 14848 c:\windows\system32\rsh.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 13824 c:\windows\system32\rexec.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 13824 c:\windows\system32\rexec.exe
+ 2012-08-08 19:52 . 2008-04-14 08:01 36352 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\intelppm.sys
+ 2012-08-08 19:52 . 2008-04-14 08:06 42368 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\AGP440.SYS
+ 2012-08-08 19:52 . 2008-04-14 08:06 37248 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\isapnp.sys
+ 2001-08-23 12:00 . 2008-04-14 11:42 11776 c:\windows\system32\regsvr32.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 11776 c:\windows\system32\regsvr32.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 50176 c:\windows\system32\reg.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 50176 c:\windows\system32\reg.exe
- 2011-01-08 09:28 . 2012-07-06 05:46 13824 c:\windows\system32\rdsaddin.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 13824 c:\windows\system32\rdsaddin.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 62976 c:\windows\system32\rdpclip.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 62976 c:\windows\system32\rdpclip.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 21504 c:\windows\system32\rcp.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 21504 c:\windows\system32\rcp.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 56832 c:\windows\system32\rasphone.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 56832 c:\windows\system32\rasphone.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 19968 c:\windows\system32\qprocess.exe
- 2011-01-08 19:54 . 2008-04-14 13:42 19968 c:\windows\system32\qprocess.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 50176 c:\windows\system32\proquota.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 50176 c:\windows\system32\proquota.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 49152 c:\windows\system32\powercfg.exe
- 2011-01-08 10:07 . 2008-04-14 13:42 49152 c:\windows\system32\powercfg.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 17920 c:\windows\system32\ping.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 17920 c:\windows\system32\ping.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 15872 c:\windows\system32\perfmon.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 15872 c:\windows\system32\perfmon.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 67584 c:\windows\system32\openfiles.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 67584 c:\windows\system32\openfiles.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 69632 c:\windows\system32\odbcconf.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 69632 c:\windows\system32\odbcconf.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 32768 c:\windows\system32\odbcad32.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 32768 c:\windows\system32\odbcad32.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 76800 c:\windows\system32\nslookup.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 76800 c:\windows\system32\nslookup.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 15360 c:\windows\system32\npp\nppagent.exe
- 2011-01-08 09:28 . 2012-07-06 05:47 15360 c:\windows\system32\npp\nppagent.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 69120 c:\windows\system32\notepad.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 69120 c:\windows\system32\notepad.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 36864 c:\windows\system32\netstat.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 36864 c:\windows\system32\netstat.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 86016 c:\windows\system32\netsh.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 86016 c:\windows\system32\netsh.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 42496 c:\windows\system32\net.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 42496 c:\windows\system32\net.exe
- 2011-01-08 09:28 . 2012-07-06 05:46 12288 c:\windows\system32\mstinit.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 12288 c:\windows\system32\mstinit.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 78848 c:\windows\system32\msiexec.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 78848 c:\windows\system32\msiexec.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 29184 c:\windows\system32\mshta.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 29184 c:\windows\system32\mshta.exe
+ 2011-01-08 19:56 . 2008-04-14 11:42 32768 c:\windows\system32\mnmsrvc.exe
- 2011-01-08 19:56 . 2012-07-06 05:38 32768 c:\windows\system32\mnmsrvc.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 33792 c:\windows\system32\mmcperf.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 72704 c:\windows\system32\magnify.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 72704 c:\windows\system32\magnify.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 59392 c:\windows\system32\logman.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 59392 c:\windows\system32\logman.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 75264 c:\windows\system32\locator.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 75264 c:\windows\system32\locator.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 55808 c:\windows\system32\ipconfig.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 55808 c:\windows\system32\ipconfig.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 34304 c:\windows\system32\ie4uinit.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 34304 c:\windows\system32\ie4uinit.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 15872 c:\windows\system32\help.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 15872 c:\windows\system32\help.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 39424 c:\windows\system32\grpconv.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 39424 c:\windows\system32\grpconv.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 59904 c:\windows\system32\getmac.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 59904 c:\windows\system32\getmac.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 42496 c:\windows\system32\ftp.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 42496 c:\windows\system32\ftp.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 20992 c:\windows\system32\fontview.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 20992 c:\windows\system32\fontview.exe
- 2011-01-08 10:07 . 2008-04-14 13:42 23040 c:\windows\system32\fltmc.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 23040 c:\windows\system32\fltmc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 27136 c:\windows\system32\findstr.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 27136 c:\windows\system32\findstr.exe
+ 2008-04-14 11:42 . 2008-04-14 11:42 20992 c:\windows\system32\faxpatch.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 24064 c:\windows\system32\extrac32.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 24064 c:\windows\system32\extrac32.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 82944 c:\windows\system32\eventtriggers.exe
- 2001-08-23 12:00 . 2012-07-06 05:44 82944 c:\windows\system32\eventtriggers.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 50688 c:\windows\system32\eventcreate.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 50688 c:\windows\system32\eventcreate.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 17920 c:\windows\system32\dvdupgrd.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 17920 c:\windows\system32\dvdupgrd.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 62976 c:\windows\system32\driverquery.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 62976 c:\windows\system32\driverquery.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 17920 c:\windows\system32\dpnsvr.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 17920 c:\windows\system32\dpnsvr.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 29696 c:\windows\system32\dplaysvr.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 29696 c:\windows\system32\dplaysvr.exe
- 2001-08-23 12:00 . 2012-07-06 05:43 15872 c:\windows\system32\dmremote.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 15872 c:\windows\system32\dmremote.exe
+ 2011-01-08 10:07 . 2012-06-02 21:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2011-01-08 09:28 . 2012-06-02 21:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 73728 c:\windows\system32\dllcache\wmplayer.exe
+ 2011-01-08 09:28 . 2012-06-02 21:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2011-01-08 09:28 . 2008-04-14 11:42 82944 c:\windows\system32\dfrgfat.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 82944 c:\windows\system32\dfrgfat.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 25088 c:\windows\system32\defrag.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 25088 c:\windows\system32\defrag.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 30208 c:\windows\system32\ddeshare.exe
- 2001-08-23 12:00 . 2012-07-06 05:43 30208 c:\windows\system32\ddeshare.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 15360 c:\windows\system32\ctfmon.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 15360 c:\windows\system32\ctfmon.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 63488 c:\windows\system32\cmstp.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 63488 c:\windows\system32\cmstp.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 39936 c:\windows\system32\cmmon32.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 39936 c:\windows\system32\cmmon32.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 25600 c:\windows\system32\cmdl32.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 25600 c:\windows\system32\cmdl32.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 33280 c:\windows\system32\clipsrv.exe
- 2001-08-23 12:00 . 2012-07-06 05:38 33280 c:\windows\system32\clipsrv.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 20480 c:\windows\system32\cliconfg.exe
- 2001-08-23 12:00 . 2012-07-06 05:43 20480 c:\windows\system32\cliconfg.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 64000 c:\windows\system32\cleanmgr.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 64000 c:\windows\system32\cleanmgr.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 56832 c:\windows\system32\cipher.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 56832 c:\windows\system32\cipher.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 19968 c:\windows\system32\cacls.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 19968 c:\windows\system32\cacls.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 71680 c:\windows\system32\blastcln.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 14336 c:\windows\system32\auditusr.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 12288 c:\windows\system32\attrib.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 12288 c:\windows\system32\attrib.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 11264 c:\windows\system32\atmadm.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 11264 c:\windows\system32\atmadm.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 25088 c:\windows\system32\at.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 25088 c:\windows\system32\at.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 32768 c:\windows\system32\asr_pfu.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 44544 c:\windows\system32\alg.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 44544 c:\windows\system32\alg.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 32866 c:\windows\slrundll.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 30720 c:\windows\ServicePackFiles\i386\xcopy.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 13824 c:\windows\ServicePackFiles\i386\wscntfy.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 11264 c:\windows\ServicePackFiles\i386\wpnpinst.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 32256 c:\windows\ServicePackFiles\i386\wpabaln.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 65024 c:\windows\ServicePackFiles\i386\wextract.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 65024 c:\windows\ServicePackFiles\i386\wextract.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 30208 c:\windows\ServicePackFiles\i386\wabmig.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 46080 c:\windows\ServicePackFiles\i386\wab.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 28672 c:\windows\ServicePackFiles\i386\verclsid.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 50176 c:\windows\ServicePackFiles\i386\utilman.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 26112 c:\windows\ServicePackFiles\i386\userinit.exe
- 2011-01-08 09:29 . 2012-07-06 05:43 26112 c:\windows\ServicePackFiles\i386\userinit.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 18432 c:\windows\ServicePackFiles\i386\ups.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 16896 c:\windows\ServicePackFiles\i386\upnpcont.exe
- 2011-01-08 10:07 . 2012-07-06 05:43 60416 c:\windows\ServicePackFiles\i386\tzchange.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 60416 c:\windows\ServicePackFiles\i386\tzchange.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 12288 c:\windows\ServicePackFiles\i386\tracert.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 82944 c:\windows\ServicePackFiles\i386\tp4mon.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 73216 c:\windows\ServicePackFiles\i386\tlntsvr.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 78336 c:\windows\ServicePackFiles\i386\tlntsess.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 61440 c:\windows\ServicePackFiles\i386\tlntadmn.exe
- 2011-01-08 09:29 . 2012-07-06 05:41 61440 c:\windows\ServicePackFiles\i386\tlntadmn.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 75776 c:\windows\ServicePackFiles\i386\telnet.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 32827 c:\windows\ServicePackFiles\i386\tcptest.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 77824 c:\windows\ServicePackFiles\i386\tasklist.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 76288 c:\windows\ServicePackFiles\i386\taskkill.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 71680 c:\windows\ServicePackFiles\i386\sysinfo.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 14336 c:\windows\ServicePackFiles\i386\svchost.exe
- 2011-01-08 10:06 . 2012-07-06 05:47 14336 c:\windows\ServicePackFiles\i386\svchost.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 65601 c:\windows\ServicePackFiles\i386\stub_fpsrvwin.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 16449 c:\windows\ServicePackFiles\i386\stub_fpsrvadm.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 14848 c:\windows\ServicePackFiles\i386\stimon.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 14336 c:\windows\ServicePackFiles\i386\ssstars.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 18944 c:\windows\ServicePackFiles\i386\ssmyst.scr
- 2011-01-08 10:06 . 2012-07-06 05:41 47104 c:\windows\ServicePackFiles\i386\ssmypics.scr
+ 2011-01-08 10:06 . 2008-04-14 11:42 47104 c:\windows\ServicePackFiles\i386\ssmypics.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 20992 c:\windows\ServicePackFiles\i386\ssmarque.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 19968 c:\windows\ServicePackFiles\i386\ssbezier.scr
- 2011-01-08 09:29 . 2012-07-06 05:43 19968 c:\windows\ServicePackFiles\i386\ssbezier.scr
+ 2008-04-14 13:42 . 2008-04-14 11:42 20992 c:\windows\ServicePackFiles\i386\spupdwxp.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 57856 c:\windows\ServicePackFiles\i386\spoolsv.exe
+ 2008-04-14 13:42 . 2008-04-14 11:42 11264 c:\windows\ServicePackFiles\i386\spnpinst.exe
- 2008-04-14 13:42 . 2012-07-06 05:43 11264 c:\windows\ServicePackFiles\i386\spnpinst.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 12800 c:\windows\ServicePackFiles\i386\spiisupd.exe
+ 2011-01-08 09:29 . 2008-04-14 06:13 12800 c:\windows\ServicePackFiles\i386\spiisupd.exe
- 2011-01-08 10:07 . 2012-07-06 05:41 24576 c:\windows\ServicePackFiles\i386\sort.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 24576 c:\windows\ServicePackFiles\i386\sort.exe
- 2011-01-08 09:29 . 2012-07-06 05:43 33280 c:\windows\ServicePackFiles\i386\snmp.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 33280 c:\windows\ServicePackFiles\i386\snmp.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 89600 c:\windows\ServicePackFiles\i386\smlogsvc.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 73796 c:\windows\ServicePackFiles\i386\slserv.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 32866 c:\windows\ServicePackFiles\i386\slrundll.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 26112 c:\windows\ServicePackFiles\i386\skeys.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 70144 c:\windows\ServicePackFiles\i386\sigverif.exe
- 2011-01-08 09:29 . 2012-07-06 05:45 70144 c:\windows\ServicePackFiles\i386\sigverif.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 19456 c:\windows\ServicePackFiles\i386\shutdown.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 16437 c:\windows\ServicePackFiles\i386\shtml.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 77824 c:\windows\ServicePackFiles\i386\shrpubw.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 45056 c:\windows\ServicePackFiles\i386\shmgrate.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 32768 c:\windows\ServicePackFiles\i386\setupn.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 73216 c:\windows\ServicePackFiles\i386\setup50.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 23040 c:\windows\ServicePackFiles\i386\setup.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 23040 c:\windows\ServicePackFiles\i386\setup.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 31232 c:\windows\ServicePackFiles\i386\sethc.exe
- 2011-01-08 10:06 . 2012-07-06 05:43 31232 c:\windows\ServicePackFiles\i386\sethc.exe
- 2011-01-08 10:07 . 2012-07-06 05:44 18944 c:\windows\ServicePackFiles\i386\secedit.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 18944 c:\windows\ServicePackFiles\i386\secedit.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 77312 c:\windows\ServicePackFiles\i386\sdbinst.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 36352 c:\windows\ServicePackFiles\i386\scrcons.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 95744 c:\windows\ServicePackFiles\i386\scardsvr.exe
- 2011-01-08 10:07 . 2012-07-06 05:43 95744 c:\windows\ServicePackFiles\i386\scardsvr.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 13312 c:\windows\ServicePackFiles\i386\savedump.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 14336 c:\windows\ServicePackFiles\i386\runonce.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 14336 c:\windows\ServicePackFiles\i386\runonce.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 33280 c:\windows\ServicePackFiles\i386\rundll32.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 77312 c:\windows\ServicePackFiles\i386\rtcshare.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 14848 c:\windows\ServicePackFiles\i386\rsh.exe
- 2011-01-08 10:06 . 2012-07-06 05:46 14848 c:\windows\ServicePackFiles\i386\rsh.exe
- 2011-01-08 10:07 . 2012-07-06 05:42 13824 c:\windows\ServicePackFiles\i386\rexec.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 13824 c:\windows\ServicePackFiles\i386\rexec.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 11776 c:\windows\ServicePackFiles\i386\regsvr32.exe
+ 2007-06-28 02:27 . 2007-06-28 00:27 11264 c:\windows\ServicePackFiles\i386\regsvcs.exe
- 2007-06-28 02:27 . 2012-07-06 05:43 28672 c:\windows\ServicePackFiles\i386\regasm.exe
+ 2007-06-28 02:27 . 2007-06-28 00:27 28672 c:\windows\ServicePackFiles\i386\regasm.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 50176 c:\windows\ServicePackFiles\i386\reg.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 67072 c:\windows\ServicePackFiles\i386\rdshost.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 13824 c:\windows\ServicePackFiles\i386\rdsaddin.exe
- 2011-01-08 09:29 . 2012-07-06 05:43 13824 c:\windows\ServicePackFiles\i386\rdsaddin.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 62976 c:\windows\ServicePackFiles\i386\rdpclip.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 21504 c:\windows\ServicePackFiles\i386\rcp.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 35840 c:\windows\ServicePackFiles\i386\rcimlby.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 56832 c:\windows\ServicePackFiles\i386\rasphone.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 19968 c:\windows\ServicePackFiles\i386\qprocess.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 50176 c:\windows\ServicePackFiles\i386\proquota.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 49152 c:\windows\ServicePackFiles\i386\powercfg.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 17920 c:\windows\ServicePackFiles\i386\ping.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 15872 c:\windows\ServicePackFiles\i386\perfmon.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 58368 c:\windows\ServicePackFiles\i386\packager.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 67584 c:\windows\ServicePackFiles\i386\opnfiles.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 51200 c:\windows\ServicePackFiles\i386\oobebaln.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 60416 c:\windows\ServicePackFiles\i386\oemig50.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 69632 c:\windows\ServicePackFiles\i386\odbcconf.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 32768 c:\windows\ServicePackFiles\i386\odbcad32.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 32768 c:\windows\ServicePackFiles\i386\odbcad32.exe
- 2011-01-08 10:07 . 2012-07-06 05:43 76800 c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 76800 c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 15360 c:\windows\ServicePackFiles\i386\nppagent.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 69120 c:\windows\ServicePackFiles\i386\notepad.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 36864 c:\windows\ServicePackFiles\i386\netstat.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 86016 c:\windows\ServicePackFiles\i386\netsh.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 42496 c:\windows\ServicePackFiles\i386\net.exe
- 2011-01-08 09:29 . 2012-07-06 05:45 42496 c:\windows\ServicePackFiles\i386\net.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 53760 c:\windows\ServicePackFiles\i386\narrator.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 90624 c:\windows\ServicePackFiles\i386\muisetup.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 90624 c:\windows\ServicePackFiles\i386\muisetup.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 12288 c:\windows\ServicePackFiles\i386\mstinit.exe
- 2011-01-08 09:29 . 2012-07-06 05:47 12288 c:\windows\ServicePackFiles\i386\mstinit.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 29184 c:\windows\ServicePackFiles\i386\msoobe.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 40960 c:\windows\ServicePackFiles\i386\msiregmv.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 60416 c:\windows\ServicePackFiles\i386\msimn.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 78848 c:\windows\ServicePackFiles\i386\msiexec.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 78848 c:\windows\ServicePackFiles\i386\msiexec.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 29184 c:\windows\ServicePackFiles\i386\mshta.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 19968 c:\windows\ServicePackFiles\i386\mqbkup.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 16384 c:\windows\ServicePackFiles\i386\mofcomp.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 32768 c:\windows\ServicePackFiles\i386\mnmsrvc.exe
- 2011-01-08 10:07 . 2012-07-06 05:44 33792 c:\windows\ServicePackFiles\i386\mmcperf.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 33792 c:\windows\ServicePackFiles\i386\mmcperf.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 57344 c:\windows\ServicePackFiles\i386\makecab.exe
- 2011-01-08 10:07 . 2012-07-06 05:44 72704 c:\windows\ServicePackFiles\i386\magnify.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 72704 c:\windows\ServicePackFiles\i386\magnify.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 13312 c:\windows\ServicePackFiles\i386\lsass.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 59392 c:\windows\ServicePackFiles\i386\logman.exe
- 2011-01-08 10:07 . 2012-07-06 05:44 59392 c:\windows\ServicePackFiles\i386\logman.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 75264 c:\windows\ServicePackFiles\i386\locator.exe
- 2011-01-08 10:07 . 2012-07-06 05:45 75264 c:\windows\ServicePackFiles\i386\locator.exe
- 2011-01-08 09:29 . 2012-07-06 05:46 44032 c:\windows\ServicePackFiles\i386\lang\tintlphr.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 44032 c:\windows\ServicePackFiles\i386\lang\tintlphr.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 70144 c:\windows\ServicePackFiles\i386\lang\pintlphr.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 59392 c:\windows\ServicePackFiles\i386\lang\imscinst.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 57399 c:\windows\ServicePackFiles\i386\lang\cplexe.exe
+ 2007-06-28 02:24 . 2007-06-28 00:24 40960 c:\windows\ServicePackFiles\i386\jsc.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 23552 c:\windows\ServicePackFiles\i386\ipxroute.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 53248 c:\windows\ServicePackFiles\i386\ipv6.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 53248 c:\windows\ServicePackFiles\i386\ipv6.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 55808 c:\windows\ServicePackFiles\i386\ipconfig.exe
- 2007-06-28 02:24 . 2012-07-06 05:44 24576 c:\windows\ServicePackFiles\i386\installutil.exe
+ 2007-06-28 02:24 . 2007-06-28 00:24 24576 c:\windows\ServicePackFiles\i386\installutil.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 20480 c:\windows\ServicePackFiles\i386\inetwiz.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 15360 c:\windows\ServicePackFiles\i386\inetin51.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 30720 c:\windows\ServicePackFiles\i386\iisrstas.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 93184 c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 93184 c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 18432 c:\windows\ServicePackFiles\i386\iedw.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 34304 c:\windows\ServicePackFiles\i386\ie4uinit.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 24576 c:\windows\ServicePackFiles\i386\icwrmind.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 86016 c:\windows\ServicePackFiles\i386\icwconn2.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 18432 c:\windows\ServicePackFiles\i386\hscupd.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 10752 c:\windows\ServicePackFiles\i386\hh.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 15872 c:\windows\ServicePackFiles\i386\help.exe
- 2011-01-08 10:07 . 2012-07-06 05:47 15872 c:\windows\ServicePackFiles\i386\help.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 39424 c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 59904 c:\windows\ServicePackFiles\i386\getmac.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 42496 c:\windows\ServicePackFiles\i386\ftp.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 28728 c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 20538 c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 24632 c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 15120 c:\windows\ServicePackFiles\i386\fp98sadm.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 20992 c:\windows\ServicePackFiles\i386\fontview.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 20992 c:\windows\ServicePackFiles\i386\fontview.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 23040 c:\windows\ServicePackFiles\i386\fltmc.exe
- 2011-01-08 10:06 . 2012-07-06 05:42 23040 c:\windows\ServicePackFiles\i386\fltmc.exe
- 2011-01-08 10:06 . 2012-07-06 05:42 27136 c:\windows\ServicePackFiles\i386\findstr.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 27136 c:\windows\ServicePackFiles\i386\findstr.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 20992 c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 24064 c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 82944 c:\windows\ServicePackFiles\i386\evtrig.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 92160 c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 24064 c:\windows\ServicePackFiles\i386\evntcmd.exe
- 2011-01-08 10:07 . 2012-07-06 05:42 24064 c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 50688 c:\windows\ServicePackFiles\i386\evcreate.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 17920 c:\windows\ServicePackFiles\i386\dvdupgrd.exe
- 2011-01-08 10:07 . 2012-07-06 05:42 17920 c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 10752 c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 62976 c:\windows\ServicePackFiles\i386\drvqry.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 83456 c:\windows\ServicePackFiles\i386\dpvsetup.exe
- 2011-01-08 09:29 . 2012-07-06 05:45 83456 c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 17920 c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 29696 c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 15872 c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 87040 c:\windows\ServicePackFiles\i386\diantz.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 82944 c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 25088 c:\windows\ServicePackFiles\i386\defrag.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 30208 c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 42496 c:\windows\ServicePackFiles\i386\davcdata.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 15360 c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 05:40 . 2008-04-14 03:40 49152 c:\windows\ServicePackFiles\i386\csc.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 27648 c:\windows\ServicePackFiles\i386\conime.exe
- 2011-01-08 09:29 . 2012-07-06 05:43 27648 c:\windows\ServicePackFiles\i386\conime.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 63488 c:\windows\ServicePackFiles\i386\cmstp.exe
- 2011-01-08 10:06 . 2012-07-06 05:43 63488 c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 39936 c:\windows\ServicePackFiles\i386\cmmon32.exe
- 2011-01-08 10:07 . 2012-07-06 05:45 39936 c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 25600 c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 33280 c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 20480 c:\windows\ServicePackFiles\i386\cliconfg.exe
- 2011-01-08 10:06 . 2012-07-06 05:44 20480 c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 64000 c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 56832 c:\windows\ServicePackFiles\i386\cipher.exe
+ 2007-06-28 02:23 . 2007-06-28 00:23 94208 c:\windows\ServicePackFiles\i386\caspol.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 19968 c:\windows\ServicePackFiles\i386\cacls.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 71680 c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 16439 c:\windows\ServicePackFiles\i386\author.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 14336 c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 12288 c:\windows\ServicePackFiles\i386\attrib.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 11264 c:\windows\ServicePackFiles\i386\atmadm.exe
- 2011-01-08 10:06 . 2012-07-06 05:47 11264 c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 25088 c:\windows\ServicePackFiles\i386\at.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 25088 c:\windows\ServicePackFiles\i386\at.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 32768 c:\windows\ServicePackFiles\i386\asr_pfu.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 30208 c:\windows\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-14 05:40 . 2008-04-14 03:40 32768 c:\windows\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-14 05:40 . 2008-04-14 03:40 32768 c:\windows\ServicePackFiles\i386\aspnet_state.exe
- 2008-04-14 05:40 . 2012-07-06 05:43 24576 c:\windows\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-14 05:40 . 2008-04-14 03:40 24576 c:\windows\ServicePackFiles\i386\aspnet_regiis.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 44544 c:\windows\ServicePackFiles\i386\alg.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 98304 c:\windows\ServicePackFiles\i386\ahui.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 16439 c:\windows\ServicePackFiles\i386\admin.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 18432 c:\windows\PCHEALTH\HELPCTR\Binaries\hscupd.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 58368 c:\windows\ehome\medctrro.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 5632 c:\windows\system32\winver.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 5632 c:\windows\system32\winver.exe
- 2008-04-14 13:42 . 2012-07-06 05:46 7680 c:\windows\system32\spdwnwxp.exe
+ 2008-04-14 13:42 . 2008-04-14 11:42 7680 c:\windows\system32\spdwnwxp.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 8192 c:\windows\system32\smbinst.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 9216 c:\windows\system32\scrnsave.scr
- 2011-01-08 09:28 . 2008-04-14 13:42 9216 c:\windows\system32\scrnsave.scr
+ 2012-08-08 19:54 . 2008-04-14 11:42 9728 c:\windows\system32\rwnh.dll
+ 2001-08-23 12:00 . 2008-04-14 11:42 9216 c:\windows\system32\proxycfg.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 9216 c:\windows\system32\proxycfg.exe
- 2001-08-23 12:00 . 2012-07-06 05:46 4096 c:\windows\system32\nddeapir.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 4096 c:\windows\system32\nddeapir.exe
- 2011-01-08 19:54 . 2008-04-14 13:42 6144 c:\windows\system32\msdtc.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 6144 c:\windows\system32\msdtc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 4608 c:\windows\system32\mqsvc.exe
- 2001-08-23 12:00 . 2012-07-06 05:47 4608 c:\windows\system32\mqsvc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 7680 c:\windows\system32\forcedos.exe
- 2001-08-23 12:00 . 2012-07-06 05:46 7680 c:\windows\system32\forcedos.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 5120 c:\windows\system32\dllhost.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 5120 c:\windows\system32\dllhost.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 4639 c:\windows\system32\dllcache\mplayer2.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 6144 c:\windows\system32\dcomcnfg.exe
- 2011-01-08 19:54 . 2008-04-14 13:42 6144 c:\windows\system32\dcomcnfg.exe
+ 2012-08-08 19:54 . 2008-04-14 06:13 9728 c:\windows\system32\comsdupd.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 6144 c:\windows\system32\Com\comrereg.exe
- 2011-01-08 19:54 . 2012-07-06 05:46 6144 c:\windows\system32\Com\comrereg.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 9728 c:\windows\system32\Com\comrepl.exe
- 2011-01-08 19:54 . 2012-07-06 05:46 9728 c:\windows\system32\Com\comrepl.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 5632 c:\windows\system32\cisvc.exe
- 2001-08-23 12:00 . 2012-07-06 05:38 5632 c:\windows\system32\cisvc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 4096 c:\windows\system32\actmovie.exe
- 2001-08-23 12:00 . 2012-07-06 05:46 4096 c:\windows\system32\actmovie.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 5632 c:\windows\ServicePackFiles\i386\winver.exe
- 2008-04-14 13:42 . 2012-07-06 05:44 7680 c:\windows\ServicePackFiles\i386\spdwnwxp.exe
+ 2008-04-14 13:42 . 2008-04-14 11:42 7680 c:\windows\ServicePackFiles\i386\spdwnwxp.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 8704 c:\windows\ServicePackFiles\i386\snmptrap.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 8192 c:\windows\ServicePackFiles\i386\smbinst.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 9216 c:\windows\ServicePackFiles\i386\scrnsave.scr
+ 2011-01-08 10:07 . 2008-04-14 11:42 9216 c:\windows\ServicePackFiles\i386\proxycfg.exe
- 2011-01-08 10:07 . 2012-07-06 05:43 9216 c:\windows\ServicePackFiles\i386\proxycfg.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 4096 c:\windows\ServicePackFiles\i386\nddeapir.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 6144 c:\windows\ServicePackFiles\i386\msdtc.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 4608 c:\windows\ServicePackFiles\i386\mqsvc.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 7680 c:\windows\ServicePackFiles\i386\migregdb.exe
+ 2007-12-18 01:28 . 2007-12-17 23:28 8192 c:\windows\ServicePackFiles\i386\ieexec.exe
- 2011-01-08 10:06 . 2012-07-06 05:47 7680 c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 7680 c:\windows\ServicePackFiles\i386\forcedos.exe
- 2011-01-08 10:07 . 2012-07-06 05:44 5120 c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 5120 c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 6144 c:\windows\ServicePackFiles\i386\dcomcnfg.exe
- 2011-01-08 10:06 . 2012-07-06 05:47 6144 c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2011-01-08 10:07 . 2008-04-14 06:13 9728 c:\windows\ServicePackFiles\i386\comsdupd.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 6144 c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 9728 c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 5632 c:\windows\ServicePackFiles\i386\cisvc.exe
- 2011-01-08 10:06 . 2012-07-06 05:43 5632 c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 4096 c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 05:56 . 2008-04-14 05:56 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
- 2008-04-14 07:56 . 2008-04-14 07:56 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 991232 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 991232 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 853504 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 853504 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 343040 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 343040 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2012-08-08 19:54 . 2008-04-14 11:42 165888 c:\windows\system32\wuauclt1.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 155648 c:\windows\system32\wscript.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 155648 c:\windows\system32\wscript.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 433664 c:\windows\system32\wiaacmgr.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 433664 c:\windows\system32\wiaacmgr.exe
- 2011-01-08 19:54 . 2008-04-14 13:42 126464 c:\windows\system32\wbem\wmiapsrv.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 126464 c:\windows\system32\wbem\wmiapsrv.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 289792 c:\windows\system32\vssvc.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 289792 c:\windows\system32\vssvc.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 241152 c:\windows\system32\usmt\migwiza.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 103936 c:\windows\system32\usmt\migload.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 259584 c:\windows\system32\tracerpt.exe
- 2011-01-08 09:29 . 2008-04-14 13:42 259584 c:\windows\system32\tracerpt.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 135680 c:\windows\system32\taskmgr.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 135680 c:\windows\system32\taskmgr.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 679936 c:\windows\system32\sstext3d.scr
- 2011-01-08 09:28 . 2008-04-14 13:42 679936 c:\windows\system32\sstext3d.scr
- 2011-01-08 19:54 . 2012-07-06 05:38 141312 c:\windows\system32\sessmgr.exe
+ 2011-01-08 19:54 . 2008-04-14 11:42 141312 c:\windows\system32\sessmgr.exe
- 2011-01-08 09:29 . 2008-04-14 13:42 121856 c:\windows\system32\schtasks.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 121856 c:\windows\system32\schtasks.exe
- 2001-08-23 12:00 . 2012-07-06 05:46 109568 c:\windows\system32\progman.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 109568 c:\windows\system32\progman.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 215552 c:\windows\system32\osk.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 215552 c:\windows\system32\osk.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 111104 c:\windows\system32\netdde.exe
- 2011-01-08 09:28 . 2012-07-06 05:38 111104 c:\windows\system32\netdde.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 124928 c:\windows\system32\net1.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 124928 c:\windows\system32\net1.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 176640 c:\windows\system32\napstat.exe
- 2011-01-08 10:07 . 2008-04-14 13:42 176640 c:\windows\system32\napstat.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 677888 c:\windows\system32\mstsc.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 677888 c:\windows\system32\mstsc.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 343040 c:\windows\system32\mspaint.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 343040 c:\windows\system32\mspaint.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 514560 c:\windows\system32\logonui.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 514560 c:\windows\system32\logonui.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 220672 c:\windows\system32\logon.scr
+ 2011-01-08 09:28 . 2008-04-14 11:42 220672 c:\windows\system32\logon.scr
+ 2011-01-08 09:28 . 2008-04-14 11:42 103936 c:\windows\system32\logagent.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 103936 c:\windows\system32\logagent.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 189440 c:\windows\system32\inetsrv\smtpadm.dll
+ 2012-08-08 19:54 . 2008-04-14 11:42 221696 c:\windows\system32\inetsrv\seo.dll
+ 2011-01-08 09:28 . 2008-04-14 11:42 150528 c:\windows\system32\imapi.exe
- 2011-01-08 09:28 . 2012-07-06 05:38 150528 c:\windows\system32\imapi.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 114688 c:\windows\system32\iexpress.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 114688 c:\windows\system32\iexpress.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 120832 c:\windows\system32\gpresult.exe
- 2011-01-08 09:29 . 2008-04-14 13:42 120832 c:\windows\system32\gpresult.exe
- 2011-01-08 10:07 . 2008-04-14 13:42 193024 c:\windows\system32\fsquirt.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 193024 c:\windows\system32\fsquirt.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 193024 c:\windows\system32\eudcedit.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 193024 c:\windows\system32\eudcedit.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 180224 c:\windows\system32\dwwin.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 180224 c:\windows\system32\dwwin.exe
- 2001-08-23 12:00 . 2012-07-06 05:38 224768 c:\windows\system32\dmadmin.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 224768 c:\windows\system32\dmadmin.exe
+ 2011-01-08 10:07 . 2012-06-02 21:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2011-01-08 10:07 . 2012-06-02 21:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2011-01-08 10:07 . 2012-06-02 21:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2011-01-08 10:06 . 2008-04-14 11:42 208896 c:\windows\system32\dllcache\unregmp2.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 774144 c:\windows\system32\dllcache\setup_wm.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 123392 c:\windows\system32\dllcache\mplay32.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 786432 c:\windows\system32\dllcache\migrate.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 103936 c:\windows\system32\dllcache\logagent.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 294912 c:\windows\system32\dllcache\dlimport.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 163840 c:\windows\system32\diskpart.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 163840 c:\windows\system32\diskpart.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 105472 c:\windows\system32\dfrgntfs.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 105472 c:\windows\system32\dfrgntfs.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 139264 c:\windows\system32\cscript.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 139264 c:\windows\system32\cscript.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 389120 c:\windows\system32\cmd.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 389120 c:\windows\system32\cmd.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 142848 c:\windows\system32\bootcfg.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 142848 c:\windows\system32\bootcfg.exe
- 2011-01-08 10:06 . 2012-07-06 05:44 558080 c:\windows\ServicePackFiles\i386\xpnetdg.exe
+ 2011-01-08 10:06 . 2008-04-14 06:23 558080 c:\windows\ServicePackFiles\i386\xpnetdg.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 165888 c:\windows\ServicePackFiles\i386\wuauclt1.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 111104 c:\windows\ServicePackFiles\i386\wuauclt.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 155648 c:\windows\ServicePackFiles\i386\wscript.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 214528 c:\windows\ServicePackFiles\i386\wordpad.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 218112 c:\windows\ServicePackFiles\i386\wmiprvse.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 358912 c:\windows\ServicePackFiles\i386\wmic.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 126464 c:\windows\ServicePackFiles\i386\wmiapsrv.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 196608 c:\windows\ServicePackFiles\i386\wmiadap.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 507904 c:\windows\ServicePackFiles\i386\winlogon.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 283648 c:\windows\ServicePackFiles\i386\winhlp32.exe
- 2011-01-08 10:06 . 2012-07-06 05:41 433664 c:\windows\ServicePackFiles\i386\wiaacmgr.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 433664 c:\windows\ServicePackFiles\i386\wiaacmgr.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 116224 c:\windows\ServicePackFiles\i386\wbemtest.exe
- 2011-01-08 10:06 . 2012-07-06 05:42 116224 c:\windows\ServicePackFiles\i386\wbemtest.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 289792 c:\windows\ServicePackFiles\i386\vssvc.exe
+ 2007-06-28 02:30 . 2007-06-28 00:30 716800 c:\windows\ServicePackFiles\i386\vbc.exe
- 2011-01-08 10:06 . 2012-07-06 05:41 150528 c:\windows\ServicePackFiles\i386\uploadm.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 150528 c:\windows\ServicePackFiles\i386\uploadm.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 259584 c:\windows\ServicePackFiles\i386\tracerpt.exe
- 2011-01-08 10:06 . 2012-07-06 05:46 347136 c:\windows\ServicePackFiles\i386\tourstrt.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 347136 c:\windows\ServicePackFiles\i386\tourstrt.exe
- 2011-01-08 09:29 . 2012-07-06 05:45 135680 c:\windows\ServicePackFiles\i386\taskmgr.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 135680 c:\windows\ServicePackFiles\i386\taskmgr.exe
- 2011-01-08 10:06 . 2012-07-06 05:43 106496 c:\windows\ServicePackFiles\i386\sysocmgr.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 106496 c:\windows\ServicePackFiles\i386\sysocmgr.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 679936 c:\windows\ServicePackFiles\i386\sstext3d.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 610304 c:\windows\ServicePackFiles\i386\sspipes.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 393216 c:\windows\ServicePackFiles\i386\ssflwbox.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 704512 c:\windows\ServicePackFiles\i386\ss3dfo.scr
- 2011-01-08 09:29 . 2012-07-06 05:44 704512 c:\windows\ServicePackFiles\i386\ss3dfo.scr
+ 2011-01-08 09:29 . 2008-04-14 11:42 538624 c:\windows\ServicePackFiles\i386\spider.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 131584 c:\windows\ServicePackFiles\i386\sndrec32.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 236544 c:\windows\ServicePackFiles\i386\smi2smir.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 141312 c:\windows\ServicePackFiles\i386\sessmgr.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 141312 c:\windows\ServicePackFiles\i386\sessmgr.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 108544 c:\windows\ServicePackFiles\i386\services.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 121856 c:\windows\ServicePackFiles\i386\sctasks.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 380416 c:\windows\ServicePackFiles\i386\rstrui.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 107520 c:\windows\ServicePackFiles\i386\rsnotify.exe
+ 2008-04-14 11:42 . 2008-04-14 11:42 146432 c:\windows\ServicePackFiles\i386\regedit.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 109568 c:\windows\ServicePackFiles\i386\progman.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 281088 c:\windows\ServicePackFiles\i386\pinball.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 215552 c:\windows\ServicePackFiles\i386\osk.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 420864 c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 420864 c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 05:41 . 2008-04-14 03:41 147456 c:\windows\ServicePackFiles\i386\ngen.exe
+ 2002-08-29 11:48 . 2008-04-14 11:46 329728 c:\windows\ServicePackFiles\i386\netsetup.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 111104 c:\windows\ServicePackFiles\i386\netdde.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 124928 c:\windows\ServicePackFiles\i386\net1.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 124928 c:\windows\ServicePackFiles\i386\net1.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 176640 c:\windows\ServicePackFiles\i386\napstat.exe
- 2011-01-08 10:06 . 2012-07-06 05:43 119808 c:\windows\ServicePackFiles\i386\mtstocom.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 119808 c:\windows\ServicePackFiles\i386\mtstocom.exe
- 2011-01-08 09:29 . 2012-07-06 05:43 343040 c:\windows\ServicePackFiles\i386\mspaint.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 343040 c:\windows\ServicePackFiles\i386\mspaint.exe
- 2011-01-08 09:29 . 2012-07-06 05:44 169984 c:\windows\ServicePackFiles\i386\msconfig.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 169984 c:\windows\ServicePackFiles\i386\msconfig.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 117248 c:\windows\ServicePackFiles\i386\mqtgsvc.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 123392 c:\windows\ServicePackFiles\i386\mplay32.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 143360 c:\windows\ServicePackFiles\i386\mobsync.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 241152 c:\windows\ServicePackFiles\i386\migwiza.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 245248 c:\windows\ServicePackFiles\i386\migwiz.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 103936 c:\windows\ServicePackFiles\i386\migload.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 514560 c:\windows\ServicePackFiles\i386\logonui.exe
- 2011-01-08 09:29 . 2012-07-06 05:42 514560 c:\windows\ServicePackFiles\i386\logonui.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 220672 c:\windows\ServicePackFiles\i386\logon.scr
+ 2011-01-08 10:07 . 2008-04-14 11:42 677888 c:\windows\ServicePackFiles\i386\lhmstsc.exe
- 2011-01-08 10:07 . 2012-07-06 05:45 677888 c:\windows\ServicePackFiles\i386\lhmstsc.exe
- 2011-01-08 09:29 . 2012-07-06 05:46 455168 c:\windows\ServicePackFiles\i386\lang\tintsetp.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 455168 c:\windows\ServicePackFiles\i386\lang\tintsetp.exe
+ 2011-01-08 09:29 . 2008-04-14 04:14 262200 c:\windows\ServicePackFiles\i386\lang\imjputy.exe
+ 2011-01-08 09:29 . 2008-04-14 04:14 233527 c:\windows\ServicePackFiles\i386\lang\imjprw.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 208952 c:\windows\ServicePackFiles\i386\lang\imjpmig.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 196665 c:\windows\ServicePackFiles\i386\lang\imjpinst.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 155705 c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 307257 c:\windows\ServicePackFiles\i386\lang\imjpdct.exe
- 2011-01-08 09:29 . 2012-07-06 05:45 480256 c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2011-01-08 09:29 . 2008-04-14 04:13 480256 c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 151552 c:\windows\ServicePackFiles\i386\irftp.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 150528 c:\windows\ServicePackFiles\i386\imapi.exe
+ 2008-04-14 05:40 . 2008-04-14 03:40 184320 c:\windows\ServicePackFiles\i386\ilasm.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 114688 c:\windows\ServicePackFiles\i386\iexpress.exe
- 2011-01-08 09:29 . 2012-07-06 05:45 214528 c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 214528 c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 744448 c:\windows\ServicePackFiles\i386\helpsvc.exe
- 2011-01-08 09:29 . 2012-07-06 05:41 744448 c:\windows\ServicePackFiles\i386\helpsvc.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 769024 c:\windows\ServicePackFiles\i386\helpctr.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 120832 c:\windows\ServicePackFiles\i386\gprslt.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 267776 c:\windows\ServicePackFiles\i386\fxssvc.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 229376 c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 142848 c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 193024 c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 188494 c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 109840 c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 193024 c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 180224 c:\windows\ServicePackFiles\i386\dwwin.exe
- 2011-01-08 10:07 . 2012-07-06 05:44 224768 c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 224768 c:\windows\ServicePackFiles\i386\dmadmin.exe
- 2011-01-08 10:06 . 2012-07-06 05:43 163840 c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 163840 c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 539136 c:\windows\ServicePackFiles\i386\dialer.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 105472 c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 139264 c:\windows\ServicePackFiles\i386\cscript.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 389120 c:\windows\ServicePackFiles\i386\cmd.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 102912 c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 188480 c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 142848 c:\windows\ServicePackFiles\i386\bootcfg.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 256512 c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 184320 c:\windows\ServicePackFiles\i386\accwiz.exe
- 2002-08-29 11:41 . 2012-07-06 05:38 146432 c:\windows\regedit.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 146432 c:\windows\regedit.exe
+ 2011-01-08 19:56 . 2008-04-14 11:42 150528 c:\windows\PCHEALTH\UploadLB\Binaries\uploadm.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 169984 c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 744448 c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 769024 c:\windows\PCHEALTH\HELPCTR\Binaries\helpctr.exe
+ 2011-01-08 10:07 . 2008-04-14 06:23 558080 c:\windows\network diagnostic\xpnetdiag.exe
+ 2001-08-23 12:00 . 2008-04-14 11:42 256512 c:\windows\msagent\agentsvr.exe
+ 2012-08-08 19:53 . 2008-04-14 11:42 208896 c:\windows\inf\unregmp2.exe
+ 2008-04-14 11:42 . 2008-04-14 11:42 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- 2008-04-14 13:42 . 2008-04-14 13:42 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2008-04-14 13:42 . 2008-04-14 13:42 1054208 c:\windows\WinSxS\InstallTemp\2045112\comctl32.dll
+ 2008-04-14 13:42 . 2008-04-14 13:42 1724416 c:\windows\WinSxS\InstallTemp\2038988\GdiPlus.dll
+ 2012-08-08 19:52 . 2008-04-14 06:04 1897408 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\nv4_mini.sys
+ 2012-08-08 19:52 . 2008-04-14 13:42 4274816 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\nv4_disp.dll
+ 2001-08-23 12:00 . 2008-04-14 11:42 1414656 c:\windows\system32\mmc.exe
- 2001-08-23 12:00 . 2008-04-14 13:42 1414656 c:\windows\system32\mmc.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 1298432 c:\windows\system32\dxdiag.exe
+ 2011-01-08 09:28 . 2012-06-02 21:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2008-04-14 13:42 . 2008-04-14 11:42 1695232 c:\windows\ServicePackFiles\ServicePackCache\i386\msmsgs.exe
+ 2011-01-08 10:07 . 2008-04-14 11:42 1200640 c:\windows\ServicePackFiles\i386\ntbackup.exe
+ 2002-08-29 11:41 . 2008-04-14 11:42 1695232 c:\windows\ServicePackFiles\i386\msmsgs.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 3558912 c:\windows\ServicePackFiles\i386\moviemk.exe
+ 2011-01-08 10:06 . 2008-04-14 11:42 1414656 c:\windows\ServicePackFiles\i386\mmc.exe
+ 2012-08-08 19:54 . 2008-04-14 11:42 1033728 c:\windows\ServicePackFiles\i386\explorer.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 1298432 c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2011-01-08 09:29 . 2008-04-14 11:42 1032192 c:\windows\ServicePackFiles\i386\conf.exe
+ 2011-01-08 09:28 . 2008-04-14 11:42 1033728 c:\windows\explorer.exe
- 2011-01-08 09:28 . 2008-04-14 13:42 1033728 c:\windows\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"RunSpellCheckAnywhere"="c:\program files\Spell Check Anywhere\sastarter.exe" [2009-04-23 73728]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/28/2012 11:46 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/28/2012 11:46 AM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/28/2012 11:46 AM 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/28/2012 12:23 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2012 12:23 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2012 11:46 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2012 11:46 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/25/2012 11:46 AM 113120]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [1/8/2011 7:23 PM 13064]
S4 Psmanages;Protected Storage Manage Support;"c:\windows\system\smsc.exe" --> c:\windows\system\smsc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-28 16:21]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-28 17:46]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-28 17:46]
.
2012-08-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-12-14 22:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bigcharts.com/
TCP: DhcpNameServer = 192.168.0.1 205.171.2.65
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\nxwcprxv.default\
FF - prefs.js: browser.startup.homepage - hxxp://bigcharts.marketwatch.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6851a895-bb90-4084-8311-97a3165e2728%7D&mid=9f8d73e4728047d1b3bfd14acce4e9e6-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=ts025&v=11.1.0.12&lang=en&pr=sa&d=2012-07-10%2009%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112049&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 68d49a7a000000000000000c7661288c
FF - user.js: extensions.BabylonToolbar_i.hardId - 68d49a7a000000000000000c7661288c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15497
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:02
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 14:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-08 14:41:52
ComboFix-quarantined-files.txt 2012-08-08 20:41
ComboFix2.txt 2012-08-06 05:16
.
Pre-Run: 108,544,598,016 bytes free
Post-Run: 108,524,589,056 bytes free
.
- - End Of File - - 48B23A7183002A7ECF4BB893B1879A79

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 08 August 2012 - 04:09 PM

yes, that went very well,

look in your Add/Remove programs for the Babylon Toolbar and remove it.

unfortunately there is no instruction publicly available for ComboFix it is a very powerful tool and the developer of the tool does not want it public. It takes a great deal of training to learn how to use our malware removal tools properly through the classrooms that are run by the various forums, it is quite a time commitment and an expectation that you will assist in the forums to help people clean their machines. If you are interested, check out the various forums that offer training.

http://www.uniteagainstmalware.com/schools.php

we just have a couple more scans to complete to make sure there are no leftovers

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT




Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 10 August 2012 - 11:03 AM

= = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = =

I must apologize for the delay. I was unable to send even partial files
as the ESETSCAN.txt is so large.

I checked. There is no "Babylon Toolbar" in the Add/Remove programs list.

The MalwareBytes AntiMalware Program didn't generate any Results to view. There
was no "Selected" to click on Remove

.....

In the -Quarantine- I found 23 entries. One (1)...

PUP.BundleInstaller.BT
File
C:\documents and Settings\Robert\Desktop\installer_ewido_anti-spyware.exe

The other 22 entries are all

PUP.Blabbers

One...
PUP.Blabbers
Folder
C:\Program Files\BrowserCompanion

Eleven (11)
C:\Program Files\BrowserCompanion\with-a-file-name

And the other Ten (10) are all Registry Key or Registry Value entries.

.....

Again, if you are receiving this, its the largest part of the ESETSCAN.txt file
I have been able to send. I'll send the next part as soon as I can.


Robert / Post


ESETSCAN.txt: Part 1 of ??

.....


C:\Program Files\America Online 9.0\accdef.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\aol.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\aolphx.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\aoltray.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\aolwbspd.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\RBM.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\shellmon.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\shellrestart.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\waol.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\Jiti\Real.exe Win32/Virut.AV virus
C:\Program Files\America Online 9.0\Jiti\real_upd.exe Win32/Virut.AV virus
C:\Program Files\AOL Companion\companion.exe Win32/Virut.AV virus
C:\Program Files\C-Media 3D Audio\Driver\Win\CMIRMDRV.EXE Win32/Virut.AV virus
C:\Program Files\C-Media 3D Audio\Driver\Win\Setup.exe Win32/Virut.AV virus
C:\Program Files\C-Media 3D Audio\Driver\Win\SmWizard.exe Win32/Virut.AV virus
C:\Program Files\C-Media 3D Audio\Play3D\CmiPlay3D.exe Win32/Virut.AV virus
C:\Program Files\Common Files\AOL\ACS\fix_vcrt.exe Win32/Virut.AV virus
C:\Program Files\Common Files\AOL\ACS\ospath.exe Win32/Virut.AV virus
C:\Program Files\Common Files\AOL\ACS\wanmpsvc.exe Win32/Virut.AV virus
C:\Program Files\Common Files\aolshare\Coach\ab3.exe Win32/Virut.AV virus
C:\Program Files\Common Files\aolshare\Coach\Player\AOLNySEV.exe Win32/Virut.AV virus
C:\Program Files\Common Files\aolshare\sysinfo\sinf.exe Win32/Virut.AV virus
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Win32/Virut.AV virus
C:\Program Files\Common Files\Nullsoft\ActiveX\AOLMediaPlaybackControl.exe Win32/Virut.AV virus
C:\Program Files\DAZZLE\MovieStar\moviestar.exe Win32/Virut.AV virus
C:\Program Files\EASEUS\EASEUS Partition Recovery 5.0.1\bin\epr0.exe Win32/Virut.AV virus
C:\Program Files\EASEUS\EASEUS Partition Recovery 5.0.1\bin\ErrorReport.exe Win32/Virut.AV virus
C:\Program Files\EASEUS\EASEUS Partition Recovery 5.0.1\bin\Main.exe Win32/Virut.AV virus
C:\Program Files\ewido anti-spyware 4.0\ewido.exe Win32/Virut.AV virus
C:\Program Files\InstallShield Installation Information\{F8766B65-4B9C-11D6-830E-0050DABBB449}\Setup.exe Win32/Virut.AV virus
C:\Program Files\Learn2.com\StRunner\STRunner.exe Win32/Virut.AV virus
C:\Program Files\Learn2.com\StRunner\stuninst.exe Win32/Virut.AV virus
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe Win32/Virut.AV virus
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe Win32/Virut.AV virus
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe Win32/Virut.AV virus
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe Win32/Virut.AV virus
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe Win32/Virut.AV virus
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe Win32/Virut.AV virus
C:\Program Files\QuickTime\QTTask.exe Win32/Virut.AV virus
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Virut.AV virus
C:\Program Files\Spybot - Search & Destroy\SDShred.exe Win32/Virut.AV virus
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062389.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062395.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062399.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062401.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062402.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062404.exe multiple threats
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062405.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062406.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062407.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062408.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062409.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062410.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062411.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062412.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062414.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062415.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062418.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062419.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062420.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062422.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062423.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062425.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062426.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062427.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062428.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062429.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062430.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062432.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062444.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062446.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062447.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062448.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062450.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062451.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062453.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062454.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062471.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062473.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062474.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062475.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062478.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062479.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062480.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062481.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062482.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062484.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062485.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062488.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062489.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062491.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062492.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062494.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062495.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062496.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062497.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062498.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062500.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062501.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062502.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062503.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062504.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062505.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062506.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062507.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062508.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062509.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062510.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062511.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062514.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062515.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062523.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062524.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062529.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062531.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062532.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062533.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062534.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062535.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062536.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062542.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062543.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062544.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062545.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062546.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062550.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062551.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062553.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062554.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062555.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062557.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062558.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062559.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062560.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062562.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062563.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062564.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062565.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062566.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062567.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062568.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062569.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062570.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062571.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062572.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062573.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062574.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062575.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062576.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062577.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062578.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062579.EXE Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062580.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062581.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062582.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062583.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062588.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062589.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062591.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062592.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062593.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062594.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062595.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062596.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062597.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062598.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062599.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062600.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062602.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062603.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062604.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062606.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062607.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062608.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062609.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062610.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062611.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062612.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062613.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062614.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062615.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062617.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062618.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062619.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062620.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062621.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062622.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062623.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062624.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062625.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062626.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062627.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062628.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062629.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062630.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062631.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062632.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062633.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062634.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062635.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062636.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062637.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062638.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062639.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062640.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062641.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062642.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062644.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062646.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062647.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062648.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062649.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062650.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062651.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062652.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062653.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062654.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062655.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062656.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062658.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062659.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062660.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062661.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062662.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062663.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062665.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062666.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062667.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062668.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062669.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062670.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062671.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062672.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062673.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062674.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062675.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062676.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062677.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062678.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062679.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062680.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062681.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062682.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062683.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062684.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062685.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062686.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062689.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062690.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062691.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062692.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062693.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062694.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062695.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062697.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062698.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062699.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062700.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062701.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062702.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062703.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062704.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062705.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062706.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062707.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062708.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062709.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062710.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062711.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062712.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062713.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062714.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062715.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062718.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062719.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062720.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062721.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062722.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062723.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062724.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062725.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062726.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062727.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062728.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062729.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062730.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062731.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062732.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062733.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062734.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062735.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062736.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062737.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062738.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062739.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062740.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062741.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062742.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062743.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062744.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062745.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062746.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062747.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062748.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062749.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062750.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062751.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062752.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062753.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062754.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062755.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062756.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062757.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062758.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062759.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062760.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062761.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062762.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062763.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062764.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062766.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062767.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062768.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062769.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062770.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062771.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062772.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062773.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062774.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062775.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062776.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062777.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062778.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062779.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062780.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062781.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062782.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062783.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062784.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062785.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062786.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062787.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062788.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062790.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062791.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062792.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062793.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062795.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062797.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062798.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062799.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062800.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062801.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062802.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062803.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062804.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062805.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062806.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062807.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062808.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062809.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062810.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062812.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062813.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062814.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062815.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062817.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062818.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062819.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062820.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062821.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062822.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062823.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062824.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062825.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062826.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062827.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062828.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062829.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062830.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062831.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062832.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062833.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062835.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062836.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062837.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062838.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062839.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062840.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062841.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062842.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062843.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062845.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062846.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062847.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062848.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062849.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062850.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062852.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062853.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062854.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062855.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062856.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062857.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062858.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062859.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062860.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062861.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062862.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062863.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062864.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062865.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062866.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062867.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062868.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062869.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062870.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062871.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062872.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062873.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062874.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062875.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062876.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062877.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062879.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062880.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062881.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062882.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062883.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062884.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062885.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062886.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062887.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062888.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062889.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062890.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062892.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062893.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062894.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062895.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062896.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062897.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062900.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062901.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062902.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062903.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062904.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062905.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062906.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062907.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062908.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062909.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062910.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062912.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062913.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062914.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062916.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062917.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062918.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062919.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062920.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062921.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062922.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062923.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062924.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062925.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062929.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062930.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062931.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062932.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062933.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062934.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062935.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062936.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062937.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062938.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062939.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062940.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062941.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062942.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062943.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062944.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062945.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062946.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062948.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062949.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062950.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062951.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062952.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062953.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062954.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062955.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062956.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062957.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062958.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062959.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062960.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062961.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062962.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062963.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062964.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062965.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062966.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062967.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062968.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062969.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062970.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062971.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062972.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062973.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062974.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062975.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062976.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062977.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062978.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062982.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062984.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062986.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062987.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062996.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0062998.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063000.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063003.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063005.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063006.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063007.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063008.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063009.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063011.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063012.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063013.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063014.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063015.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063016.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063017.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063018.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063019.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063020.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063021.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063022.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063023.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063024.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063025.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063026.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063027.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063028.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063029.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063031.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063033.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063034.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063035.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063036.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063037.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063038.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063039.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063040.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063041.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063042.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063043.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063044.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063045.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063046.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063047.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063048.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063049.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063050.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063051.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063052.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063053.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063054.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063055.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063056.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063057.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063059.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063060.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063061.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063062.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063063.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063064.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063065.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063066.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063070.exe multiple threats
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063080.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP66\A0063081.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063090.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063094.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063096.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063097.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063099.exe multiple threats
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063100.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063101.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063102.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063103.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063104.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063105.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063106.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063107.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063108.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063109.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063110.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063111.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063113.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063114.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063117.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063118.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063121.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063125.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063127.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063131.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063133.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063135.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063137.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063138.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063140.exe multiple threats
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063142.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063143.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063147.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063148.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063149.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063154.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063155.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063161.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063163.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063164.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063166.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063167.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063169.exe multiple threats
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063170.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063171.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063172.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063173.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063174.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063175.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063177.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063178.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063179.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063180.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063181.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063182.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063184.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063185.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063190.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063192.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063196.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063198.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063199.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063201.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063202.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063203.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063205.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063206.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063207.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063208.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063209.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063210.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063211.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063212.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063213.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063214.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063215.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063216.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063217.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063218.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063219.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063220.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063221.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063222.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063223.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063225.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063226.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063229.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063230.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063231.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063235.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063236.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063237.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063239.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063240.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063242.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063244.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063246.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063247.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063248.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063249.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063250.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063251.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063252.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063253.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063254.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063255.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063256.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063257.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063258.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063259.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063260.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063261.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063262.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063263.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063264.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063265.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063266.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063267.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063268.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063269.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063270.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063271.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063272.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063273.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063274.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063277.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063278.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063279.EXE Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063280.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063281.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063282.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063284.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063285.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063286.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063287.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063288.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063289.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063290.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063291.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063292.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063293.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063294.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063295.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063296.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063297.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063300.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063302.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063303.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063305.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063306.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063307.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063308.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063309.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063310.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063311.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063312.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063313.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063314.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063315.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063316.scr Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063317.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063321.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063322.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063324.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063325.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063328.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063329.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063330.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP67\A0063331.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063336.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063337.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063338.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063339.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063343.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063345.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063346.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063348.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063350.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063351.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063352.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063353.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063354.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063355.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063356.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063357.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063358.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063359.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063360.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063361.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063362.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063363.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063364.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063365.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063366.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063367.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063368.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063370.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063371.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063374.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063375.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063379.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063381.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063382.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063386.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063391.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063393.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063394.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063396.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063397.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063398.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063399.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063400.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063402.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063403.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063404.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063405.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063406.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063407.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063408.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063409.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063410.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063411.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063412.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063413.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063417.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063419.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063420.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063422.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063423.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063424.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063425.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063426.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063427.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063428.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063429.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063430.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063431.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063433.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063434.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063435.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063436.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063437.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063438.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063439.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063440.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063442.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063443.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063446.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063447.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063449.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063451.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063452.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063454.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063455.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063456.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063457.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063458.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063460.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063461.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063462.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063463.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063464.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063465.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063466.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063467.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063468.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063469.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063470.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063471.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063474.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063476.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063481.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063482.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063487.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063497.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063507.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063509.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063514.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063516.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063517.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063518.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063520.exe multiple threats
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063521.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063522.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063524.exe Win32/Virut.AV virus
C:\System Volume Information\_restore{831B05D0-C476-4F41-8AE0-EED189456218}\RP68\A0063525.exe Win32/Virut.AV virus


.....

#12 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 10 August 2012 - 12:58 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Robert (administrator) on 09-08-2012 at 23:52:48
Running from "C:\Documents and Settings\Robert\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B0000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 10 August 2012 - 01:31 PM

oh dear, very bad news I'm afraid, you are infected with a polymorphic file infector


this is the information I have on this infection

VIRUT FILE INFECTOR


VIRUT
is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously.

Unfortunately, the cleaning of this virus is not possible.

The only thing we recommend is to do a full reformat and install.

We have an excellent tutorial on how to reformat here

and for a Vista reformat re-install HERE

We do not recommend trying to save any files from this machine as they could all be infected and will simply re-infect your system again, there is no way of being certain what this infection can do.

It may be possible to save documents, pictures and music files, but I cannot guarantee that they won't be infected.

You could try scanning those files with an online scanner such as Eset:

Only scan the files, not the whole computer or you will be there forever.

Read more about the VIRUT FILE INFECTOR HERE

If you don't have a Windows Installation Disk (if this came with Windows pre-installed), you may have a Manufacturer restore disk to restore the computer to its original state - this depends on the Manufacturer though. Otherwise, give the Manufacturer a call and ask them to send you a restore disk or Windows installation CD.

Should you have any questions, please feel free to ask.

I am sorry there is nothing more that we can do.


More information:

http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)



Miekiemoes
, a highly regarded expert in malware removal, and an MS-MVP,
has an extremely informative blog post about Virut. - she only ever recommends a total reformat.

At least this way, you have the best chance of having a clean machine once more.

For future protection read this very well written article Think Prevention.

Edited by CatByte, 10 August 2012 - 01:32 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Post

Post
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 10 August 2012 - 04:25 PM

Ok, just a couple of questions before I nuke & pave,

"It spreads all around the drive and infects ..."


Is the virus likly to spread to other drives, I have two (2) other drives, one is
NTSB and the other DOS... on the same machine...

Again, thank you for all your time and effort.
I believe in getting the bad news out, early rather than late.

Robert / Post

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:37 PM

Posted 10 August 2012 - 04:48 PM

there is always the possibility that it could spread to other drives, with this infection it's very hard to predict what it can do, that's why we don't try to clean it.

The ESET on line scanner should be able to detect it if it has spread, I believe you can choose what drives to scan.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users