Jump to content

I am infected


JHDals

Recommended Posts

I have run Spybot Search and Destroy as well as Malwarebytes' Anti-Malware and both have found problems. After fixing them, the problems return. One of the problems appears to be "reader_s.exe". Anyway, I am sure my logs will better explain my problem than I can with words. I appreciate any help that you are able to provide me in resolving these issues.

Here are my logs:

Malwarebytes' Anti-Malware 1.34

Database version: 1795

Windows 5.1.2600 Service Pack 3

2/23/2009 7:58:57 PM

mbam-log-2009-02-23 (19-58-57).txt

Scan type: Quick Scan

Objects scanned: 76860

Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e38c37b1-0c18-42c3-afc3-d09a61aaa12d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vhdemypt (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e38c37b1-0c18-42c3-afc3-d09a61aaa12d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nudeoixc (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\nudeoixc (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudeoixc (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e38c37b1-0c18-42c3-afc3-d09a61aaa12d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\wppfeml.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\undname.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:21:59 PM, on 2/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\DigitalPersona\Bin\DPWinLct.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\DigitalPersona\Bin\DpHost.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\VBTUCopy\VBTUCopy.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\NewTech Infosystems\NTI Shadow\Shadow.exe

C:\Program Files\WinTV\Ir.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Jack & Hannah

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [VBTUCopy] C:\Program Files\VBTUCopy\VBTUCopy.exe /a /f

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [shadow] C:\Program Files\NewTech Infosystems\NTI Shadow\Shadow.exe --minimize

O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HauppaugeTVServer - Unknown owner - C:\PROGRA~1\WinTV\HCWTVS~1.EXE (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 10836 bytes

Link to post
Share on other sites

  • Root Admin

That file "reader_s" is an indicator of the Win32.Virut virus which is very destructive.

Please attempt to run this AV scanner if you can.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg

Link to post
Share on other sites

I am not sure if I should use the "reply" or "add reply button". I hope this gets to you. If not, I will use the "reply" for my next response.

Thanks for your prompt reply to my post.

I followed your instructions and now have an additional problem. I can now only get to my desktop which is void of any icons - start, desktop, etc. I cannot access any programs, the DrWeb.csv, etc. All I can access is the Task Manager via control, alt, delete.

I don't know what to do now.

Hopefully, you can get me out of this delema.

Thanks for any help you can provide me.

Link to post
Share on other sites

  • Root Admin

Click on the Task Manager File, New Task (Run...) and type in EXPLORER and hit enter and see if it will launch or you get an error.

As I had mentioned before it sounds like you may have the Win32.Virut which destroys ALL the executable files on your system.

If you can burn a CD from another Computer that would be good, you could boot with a Virus Scanner CD and verify what it finds for sure.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the
    Avira AntiVir Rescue System
    from
    here
  • Place a blank CD in your burner and double-click on the downloaded file.

  • The program will automatically burn the CD for you.

  • Place the burned CD into the affected computer and start the computer from this CD.

  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.

  • Click on the
    Configuration
    button.

    • Select
      Scan all files
    • Select
      Try to repair infected files
      and
      Rename files, if they cannot be removed

    • Select
      Scan for dialers

    • Select
      Scan for joke programs (Jokes)

    • Select
      Scan for games

    • Select
      Scan for spyware (SPR)

    [*]
    Click on
    Virus scanner

    [*]
    Click on
    Start scanner
    at the bottom of the screen

    [*]
    Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post
here
if you're unable to view the entire screen of Avira.
Link to post
Share on other sites

First of all, let me thank you for the help that you are providing me. It is good to know, that even though there are malicious people out there creating these viruses, there are people such as yourself providing help for us that are infected. I appreciate that your instructions are very clear and easy to understand. Again, thank you.

I do have access to another computer.

I did get an error when I ran EXPLORER.

Avira AntiVir Rescue System results: Records = 93; Suspect Files = 0; Warnings = 5; Renamed = 93

Looking forward to the next step

Link to post
Share on other sites

  • Root Admin

Are you able to log onto the desktop now or just the Task Manager running still?

Did any of those file moves list a word named: VIRUT ?

If you can't get to a normal desktop, then try to click on the File Run from Task Manager again and type in CONTROL and try to create a NEW User Account and then try to log onto that one.

Link to post
Share on other sites

I can get to the desktop, but it is void of the 'start' buttons, icons, and task bar. I can access task manager via ctrl, alt, delete. From the task manager I can access most programs, control panel, etc. From the control panel I cannot access 'Taskbar and Start Menu'; cannot enable 'Local Area Connection' (ie, the Internet). In addition to control panel, I can also access 'my computer', all drives (except network drives), etc.

Using Spybot Search and Destroy, tools, system startup, it appears reader_s is still starting up. I cannot find the DrWeb.csv report that was previously created - using 'new task (run) under file in task manager.

I don't know if any of those file moves list a word named: VIRUT. I would have to run Avira AntiVir Rescue System to determine that. I didn't run it at this time, since maybe the above information and computer access possibilities might provide you with a different available alternative. If need be, I will run it again.

A NEW User Account just created another blank desktop - same as the orignal user account desktop.

I hope some of this new information helps

Link to post
Share on other sites

  • Root Admin

Are you sure it's reader_s and not reader_sl ? reader_s is an indicator of VIRUT

Please try to run Dr Web CureIT if you can then or the Avira Rescue CD.

Try to run it from the TASK MANAGER - otherwise you're going to probably have to do a boot CD of Avira or similar.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg

Link to post
Share on other sites

I have run both hijack this and DrWeb. I saved the logs to a flash drive from the affected computer. However, I can't seem to attach them to this email using another computer. Can you suggest how I can do this. I get the message: Upload failed. You are not permitted to upload this type of file. I tried using Notepad and Exel.

Thanks

Link to post
Share on other sites

I apologize for the previous message - please disregard it. I was able to cut and paste the requested information. I will have to send the information in separte postings, as I get a message that it is too large.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:41:33 AM, on 3/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\DigitalPersona\Bin\DPWinLct.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\DigitalPersona\Bin\DpHost.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Jack & Hannah

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [VBTUCopy] C:\Program Files\VBTUCopy\VBTUCopy.exe /a /f

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [shadow] C:\Program Files\NewTech Infosystems\NTI Shadow\Shadow.exe --minimize

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HauppaugeTVServer - Unknown owner - C:\PROGRA~1\WinTV\HCWTVS~1.EXE (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9640 bytes

Link to post
Share on other sites

Part 1

mainserv.exe;c:\program files\apc\apc powerchute personal edition;Win32.Virut.56;Cured.;

idrivert.exe;c:\program files\common files\installshield\driver\1150\intel 32;Win32.Virut.56;Cured.;

mscsptisrv.exe;c:\program files\common files\sony shared\avlib;Win32.Virut.56;Cured.;

pacsptisvr.exe;c:\program files\common files\sony shared\avlib;Win32.Virut.56;Cured.;

sptisrv.exe;c:\program files\common files\sony shared\avlib;Win32.Virut.56;Cured.;

iexplore.exe;c:\program files\internet explorer;Win32.Virut.56;Cured.;

itouch.exe;c:\program files\logitech\itouch;Win32.Virut.56;Cured.;

msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.;

setup50.exe;c:\program files\outlook express;Win32.Virut.56;Cured.;

psi.exe;c:\program files\secunia\psi;Win32.Virut.56;Cured.;

mediaserver.exe;c:\program files\tversity\media server;Win32.Virut.56;Cured.;

vbtucopy.exe;c:\program files\vbtucopy;Win32.Virut.56;Cured.;

wlsetupsvc.exe;c:\program files\windows live\installer;Win32.Virut.56;Cured.;

wmpnetwk.exe;c:\program files\windows media player;Win32.Virut.56;Cured.;

ir.exe;c:\program files\wintv;Win32.Virut.56;Cured.;

explorer.exe;c:\windows;Win32.Virut.56;Incurable.Moved.;

unregmp2.exe;c:\windows\inf;Win32.Virut.56;Cured.;

khalmnpr.exe;c:\windows;Win32.Virut.56;Cured.;

xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.56;Cured.;

services.exe;c:\windows;Win32.Virut.56;Cured.;

services.exe;c:\windows;Win32.Virut.56;Incurable.Moved.;

alg.exe;c:\windows\system32;Win32.Virut.56;Cured.;

cisvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

clipsrv.exe;c:\windows\system32;Win32.Virut.56;Cured.;

cmd.exe;c:\windows\system32;Win32.Virut.56;Cured.;

reader_s.exe;c:\windows\system32\config\systemprofile;Trojan.DownLoad.29459;Deleted.;

dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.;

dmadmin.exe;c:\windows\system32;Win32.Virut.56;Cured.;

protect.sys;c:\windows\system32\drivers;Trojan.NtRootKit.429;Deleted.;

ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;

imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.;

locator.exe;c:\windows\system32;Win32.Virut.56;Cured.;

logon.scr;c:\windows\system32;Win32.Virut.56;Cured.;

logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;

mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.;

netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;

nmssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

ntsd.exe;c:\windows\system32;Win32.Virut.56;Cured.;

nvsvc32.exe;c:\windows\system32;Win32.Virut.56;Cured.;

reader_s.exe;c:\windows\system32;Trojan.DownLoad.29459;Deleted.;

regsvr32.exe;c:\windows\system32;Win32.Virut.56;Cured.;

rsvp.exe;c:\windows\system32;Win32.Virut.56;Cured.;

rundll32.exe;c:\windows\system32;Win32.Virut.56;Cured.;

scardsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;

sessmgr.exe;c:\windows\system32;Win32.Virut.56;Cured.;

shmgrate.exe;c:\windows\system32;Win32.Virut.56;Cured.;

hpztsb09.exe;c:\windows\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

spoolsv.exe;c:\windows\system32;Win32.Virut.56;Cured.;

ssstars.scr;c:\windows\system32;Win32.Virut.56;Cured.;

tcpsvcs.exe;c:\windows\system32;Win32.Virut.56;Cured.;

tlntsvr.exe;c:\windows\system32;Win32.Virut.56;Cured.;

ups.exe;c:\windows\system32;Win32.Virut.56;Cured.;

userinit.exe;c:\windows\system32;Win32.Virut.56;Cured.;

vssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.;

winmgmt.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;

wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.56;Cured.;

PINSTALL.EXE;C:\CABS\Apps\DOCTOR;Win32.Virut.56;Cured.;

SETUP.EXE;C:\CABS\Apps\DOCTOR;Win32.Virut.56;Cured.;

SETUP.EXE;C:\CABS\Apps\DOCTOR\CUI;Win32.Virut.56;Cured.;

SETUP.EXE;C:\CABS\Apps\DOCTOR\DIAGNOSTICS;Win32.Virut.56;Cured.;

SETUP.EXE;C:\CABS\Apps\DOCTOR\SERVICES;Win32.Virut.56;Cured.;

8255XDEL.EXE;C:\CABS\Netcard\Kinerth4;Win32.Virut.56;Cured.;

Prounstl.exe;C:\CABS\Netcard\Kinerth4;Win32.Virut.56;Cured.;

Prounstl.exe;C:\CABS\Netcard\Kinerth4\Windows\Drivers\IA32;Win32.Virut.56;Cured.;

Prounstl.exe;C:\CABS\Netcard\Kinerth4\Windows\Drivers\Itanium;Win32.Virut.56;Cured.;

PROMon.exe;C:\CABS\Netcard\Kinerth4\Windows\PROSET2\IA32;Win32.Virut.56;Cured.;

ProNT4.exe;C:\CABS\Netcard\Kinerth4\Windows\PROSET2\IA32;Win32.Virut.56;Cured.;

PROSet.exe;C:\CABS\Netcard\Kinerth4\Windows\PROSET2\IA32;Win32.Virut.56;Cured.;

_ISDel.exe;C:\CABS\Netcard\Kinerth4\Windows\PROSET2\IA32;Win32.Virut.56;Cured.;

PROMon.exe;C:\CABS\Netcard\Kinerth4\Windows\PROSET2\Itanium;Win32.Virut.56;Cured.;

PROSet.exe;C:\CABS\Netcard\Kinerth4\Windows\PROSET2\Itanium;Win32.Virut.56;Cured.;

install.exe;C:\CABS\Winxp\Audio\Soundmax\SMAXWDM\W2K_XP;Win32.Virut.56;Cured.;

Remove.exe;C:\CABS\Winxp\Audio\Soundmax\SMAXWDM\W2K_XP;Win32.Virut.56;Cured.;

bigLba.EXE;C:\CABS\Winxp\Utility\48LBA;Win32.Virut.56;Cured.;

Setup.exe;C:\CABS\Winxp\Utility\82xxx;Win32.Virut.56;Cured.;

GWBMPMAN.exe;C:\CABS\Winxp\Utility\Deskmng;Win32.Virut.56;Cured.;

DOMOBIZ6.EXE;C:\CABS\Winxp\Utility\DOMORE\Pro;Win32.Virut.56;Cured.;

IEProj.exe;C:\CABS\Winxp\Utility\IECustm;Win32.Virut.56;Cured.;

Grnstar.exe;C:\CABS\Winxp\Utility\Power;Win32.Virut.56;Cured.;

PINSTALL.EXE;C:\CABS\Winxp\Utility\Power;Win32.Virut.56;Cured.;

PowerSet.exe;C:\CABS\Winxp\Utility\Power;Win32.Virut.56;Cured.;

set2000.EXE;C:\CABS\Winxp\Utility\Power;Win32.Virut.56;Cured.;

setXP.EXE;C:\CABS\Winxp\Utility\Power;Win32.Virut.56;Cured.;

pinstall.exe;C:\CABS\Winxp\Utility\Usb2;Win32.Virut.56;Cured.;

pinstall.exe;C:\CABS\Winxp\Utility\video;Win32.Virut.56;Cured.;

vidset.exe;C:\CABS\Winxp\Utility\video;Win32.Virut.56;Cured.;

Marker.exe;C:\CABS\Winxp\Utility\XPHOTFIX;Win32.Virut.56;Cured.;

pinstall.exe;C:\CABS\Winxp\Utility\XPHOTFIX;Win32.Virut.56;Cured.;

srcdmark.exe;C:\CABS\Winxp\Utility\XPHOTFIX;Win32.Virut.56;Cured.;

srcdmark.exe;C:\CABS\Winxp\Utility\XPHOTFIX;Win32.HLLW.Autoruner.origin;Incurable.Moved.;

CANOIT32.EXE;C:\CanoScan\CNQ3000\CNQSG83;Win32.Virut.56;Cured.;

TWUNK_32.EXE;C:\CanoScan\CNQ3000\CNQSG83;Win32.Virut.56;Cured.;

RegUBP2b-Jack.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

reader_s.exe;C:\Documents and Settings\Jack;Win32.Virut.56;Cured.;

reader_s.exe;C:\Documents and Settings\Jack;Trojan.DownLoad.29459;Deleted.;

tarsier.exe;C:\Documents and Settings\Jack\Desktop;Win32.Virut.56;Cured.;

easy_search_utility_4400.exe;C:\Documents and Settings\Jack\Desktop\Easy Search 4.4.0.0;Win32.Virut.56;Cured.;

FirewallTest.exe;C:\Documents and Settings\Jack\Desktop\NAS200 Firmware\NAS200-Setup;Win32.Virut.56;Cured.;

SetupSecondDrive.exe;C:\Documents and Settings\Jack\Desktop\NAS200 Firmware\NAS200-Setup;Win32.Virut.56;Cured.;

SetupUtility.exe;C:\Documents and Settings\Jack\Desktop\NAS200 Firmware\NAS200-Setup;Win32.Virut.56;Incurable.Moved.;

SharedFolderMapping.exe;C:\Documents and Settings\Jack\Desktop\NAS200 Firmware\NAS200-Setup;Win32.Virut.56;Cured.;

DelNetworkShortcut.exe;C:\Documents and Settings\Jack\Desktop\NAS200 Firmware\NAS200-Setup\PnpX;Win32.Virut.56;Cured.;

qt2006.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\QuickTax 2006\QT2006;Win32.Virut.56;Cured.;

qtpatch.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\QuickTax 2006\QT2006\inet;Win32.Virut.56;Cured.;

qtdownld.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\QuickTax 2006\QT2006\Resource;Win32.Virut.56;Cured.;

diagnose.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\QuickTax 2006\QT2006\Utils;Win32.Virut.56;Cured.;

tpf1u.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\QuickTax 2006\QT2006\Utils;Win32.Virut.56;Cured.;

dtwinf.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\UFile 2007;Win32.Virut.56;Cured.;

dtwsmtp.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\UFile 2007;Win32.Virut.56;Cured.;

ub1x3_07.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\UFile 2007;Win32.Virut.56;Incurable.Moved.;

ubxupdater.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\UFile 2007;Win32.Virut.56;Incurable.Moved.;

ufile.exe;C:\Documents and Settings\Jack\My Documents\Backup Information\Income Tax\UFile 2007;Win32.Virut.56;Incurable.Moved.;

setup.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Hauppauge - Version 3.4D1 with WinTV version 6\hauppauge_cd_3.4D1;Win32.Virut.56;Cured.;

hcwemmon.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Hauppauge - Version 3.4D1 with WinTV version 6\hauppauge_cd_3.4D1\Drivers\H;Win32.Virut.56;Cured.;

hcwemmon.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Hauppauge - Version 3.4D1 with WinTV version 6\hauppauge_cd_3.4D1\Drivers\H;Win32.Virut.56;Incurable.Moved.;

DDCHECK.EXE;C:\Documents and Settings\Jack\My Documents\Drivers\Hauppauge - Version 3.4D1 with WinTV version 6\hauppauge_cd_3.4D1\MISC\UTIL;Win32.Virut.56;Cured.;

PNPSCAN.EXE;C:\Documents and Settings\Jack\My Documents\Drivers\Hauppauge - Version 3.4D1 with WinTV version 6\hauppauge_cd_3.4D1\MISC\UTIL;Win32.Virut.56;Cured.;

loaddll.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Hauppauge - Version 3.4D1 with WinTV version 6\hauppauge_cd_3.4D1\MISC\UTIL;Win32.Virut.56;Cured.;

Setup.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver;Win32.Virut.56;Cured.;

BtserverSpylite.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver\Win32;Win32.Virut.56;Cured.;

Inst.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver\Win32;Win32.Virut.56;Incurable.Moved.;

Setup.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver\Win32;Win32.Virut.56;Cured.;

BtserverSpylite.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver\Win64;Win32.Virut.56;Cured.;

Inst.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver\Win64;Win32.Virut.56;Cured.;

Setup.exe;C:\Documents and Settings\Jack\My Documents\Drivers\Rocketfish Bluetooth Driver\Win64;Win32.Virut.56;Cured.;

twonkymediaserver.exe;C:\Documents and Settings\Jack\My Documents\My Torrents\Completed Downloads\PacketVideo TwonkyMedia 4.4.4\Crack;Win32.Virut.56;Incurable.Moved.;

Acrobat.com.exe;C:\Program Files\Adobe\Acrobat.com;Win32.Virut.56;Cured.;

LogTransport2.exe;C:\Program Files\Adobe\Reader 9.0\Reader;Win32.Virut.56;Cured.;

apcsystray.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

dac.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

Display.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

ehib.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

EventViewer.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

ExecuteProcess.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

force.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

potdata.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

PowerChute.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

worksafe.exe;C:\Program Files\APC\APC PowerChute Personal Edition;Win32.Virut.56;Cured.;

ArcRegister.exe;C:\Program Files\ArcSoft\MediaConverter 2;Win32.Virut.56;Cured.;

CheckUpdate.exe;C:\Program Files\ArcSoft\MediaConverter 2;Win32.Virut.56;Cured.;

MediaConverter.exe;C:\Program Files\ArcSoft\MediaConverter 2;Win32.Virut.56;Cured.;

PhotoStudio.exe;C:\Program Files\ArcSoft\PhotoStudio 5;Win32.Virut.56;Cured.;

ArcRegister.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2;Win32.Virut.56;Cured.;

CancelAutoPlay.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2;Win32.Virut.56;Cured.;

checkupdate.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2;Win32.Virut.56;Cured.;

sbzSendMail.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2;Win32.Virut.56;Cured.;

ShowBiz.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2;Win32.Virut.56;Cured.;

Wizard.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2;Win32.Virut.56;Cured.;

Print_Label.exe;C:\Program Files\ArcSoft\ShowBiz DVD 2\printlabel;Win32.Virut.56;Cured.;

FlvPlayer.exe;C:\Program Files\ArcSoft\Video Downloader;Win32.Virut.56;Cured.;

chreg.exe;C:\Program Files\Canon\CanoScan Toolbox Ver4.1;Win32.Virut.56;Cured.;

template.exe;C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources;Win32.Virut.56;Cured.;

IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Virut.56;Incurable.Moved.;

IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Virut.56;Cured.;

IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Virut.56;Cured.;

IKernel.exe;C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32;Win32.Virut.56;Cured.;

knlwrap.exe;C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32;Win32.Virut.56;Cured.;

DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32;Win32.Virut.56;Cured.;

DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32;Win32.Virut.56;Cured.;

DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32;Win32.Virut.56;Cured.;

DotNetInstaller.exe;C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32;Win32.Virut.56;Cured.;

KHALMNPR.EXE;C:\Program Files\Common Files\Logishrd\CDDRV2;Win32.Virut.56;Cured.;

CdlsHand.exe;C:\Program Files\Common Files\Logitech\CdlsHand;Win32.Virut.56;Cured.;

WebColct.exe;C:\Program Files\Common Files\Logitech\WebColct;Win32.Virut.56;Cured.;

ARTGALRY.EXE;C:\Program Files\Common Files\Microsoft Shared\Artgalry;Win32.Virut.56;Cured.;

msinfo32.exe;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.;

ORGCHART.EXE;C:\Program Files\Common Files\Microsoft Shared\Orgchart;Win32.Virut.56;Cured.;

Uninstal.exe;C:\Program Files\Common Files\Microsoft Shared\Proof;Win32.Virut.56;Cured.;

sapisvr.exe;C:\Program Files\Common Files\Microsoft Shared\Speech;Win32.Virut.56;Cured.;

unpack200.exe;C:\Program Files\Common Files\Remote Control Software Common\jre\bin;Win32.Virut.56;Cured.;

SWIZARD.exe;C:\Program Files\Common Files\ScanSoft Shared;Win32.Virut.56;Cured.;

SsDbConnection.exe;C:\Program Files\Common Files\Sony Shared\AVLib;Win32.Virut.56;Cured.;

omginit.exe;C:\Program Files\Common Files\Sony Shared\OpenMG;Win32.Virut.56;Cured.;

OmgStartup.exe;C:\Program Files\Common Files\Sony Shared\OpenMG;Win32.Virut.56;Cured.;

regsvr32.exe;C:\Program Files\Common Files\Sony Shared\OpenMG;Win32.Virut.56;Cured.;

setup.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup;Win32.Virut.56;Cured.;

CheckComponentRegister.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

GetOmgInfoForCS.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

InstallCheckTool.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

CheckComponentRegister.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\OmgCore4.7.00.12140\4.7-07-13-22-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

GetOmgInfoForCS.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\OmgCore4.7.00.12140\4.7-07-13-22-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

InstallCheckTool.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\OmgCore4.7.00.12140\4.7-07-13-22-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

CheckComponentRegister.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

GetOmgInfoForCS.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

InstallCheckTool.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

setup.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\LPTemp\OMGLP-07-14-05-01;Win32.Virut.56;Cured.;

CheckComponentRegister.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\LPTemp\OMGLP-07-14-05-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

GetOmgInfoForCS.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\LPTemp\OMGLP-07-14-05-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

InstallCheckTool.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\LPTemp\OMGLP-07-14-05-01\OpenMG\InstallChecker;Win32.Virut.56;Cured.;

udapp.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\updater;Win32.Virut.56;Cured.;

udconf.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\updater;Win32.Virut.56;Cured.;

udlaunch.exe;C:\Program Files\Common Files\Sony Shared\OpenMG\updater;Win32.Virut.56;Cured.;

StopMusicServer.exe;C:\Program Files\Common Files\Sony Shared\StopMusicServer;Win32.Virut.56;Cured.;

FreeRARExtractFrog.exe;C:\Program Files\Free RAR Extract Frog;Win32.Virut.56;Cured.;

browser.exe;C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin;Win32.Virut.56;Cured.;

printpcl.exe;C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin;Win32.Virut.56;Cured.;

prnconf.exe;C:\Program Files\Hewlett-Packard\HP Print Screen\HP Print Screen;Win32.Virut.56;Cured.;

prnsys.exe;C:\Program Files\Hewlett-Packard\HP Print Screen\HP Print Screen;Win32.Virut.56;Cured.;

DoReboot.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;

enum.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;

HPUpdateUtility.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;

hpwuSchd.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;

shellExWin.exe;C:\Program Files\Hewlett-Packard\HP Software Update;Win32.Virut.56;Cured.;

hpzglu09.exe;C:\Program Files\Hewlett-Packard\hpz\glue;Win32.Virut.56;Cured.;

hpfpdi09.exe;C:\Program Files\Hewlett-Packard\hpz\glue\util\common;Win32.Virut.56;Cured.;

hpzghl09.exe;C:\Program Files\Hewlett-Packard\hpz\glue\util\common;Win32.Virut.56;Cured.;

hpzpin09.exe;C:\Program Files\Hewlett-Packard\hpz\glue\util\common;Win32.Virut.56;Cured.;

hpqtax08.exe;C:\Program Files\Hewlett-Packard\webreg\bin;Win32.Virut.56;Cured.;

hpqwrg.exe;C:\Program Files\Hewlett-Packard\webreg\bin;Win32.Virut.56;Cured.;

launch.exe;C:\Program Files\HP DVD\ARS;Win32.Virut.56;Cured.;

Uninstall.exe;C:\Program Files\HP DVD\Support;Win32.Virut.56;Cured.;

HPInfo.exe;C:\Program Files\HP DVD\Troubleshooting;Win32.Virut.56;Cured.;

tslaunch.exe;C:\Program Files\HP DVD\Troubleshooting;Win32.Virut.56;Cured.;

DVDBitSet.exe;C:\Program Files\HP DVD\Umbrella;Win32.Virut.56;Cured.;

DVDCheck.exe;C:\Program Files\HP DVD\Umbrella;Win32.Virut.56;Cured.;

DVDFormat.exe;C:\Program Files\HP DVD\Umbrella;Win32.Virut.56;Cured.;

DVDTray.exe;C:\Program Files\HP DVD\Umbrella;Win32.Virut.56;Cured.;

MyDrive.exe;C:\Program Files\HP DVD\Umbrella;Win32.Virut.56;Cured.;

stoptray.exe;C:\Program Files\HP DVD\Umbrella;Win32.Virut.56;Cured.;

PrintManual.exe;C:\Program Files\HP DVD\UsersGuide;Win32.Virut.56;Cured.;

PINSTALL.EXE;C:\Program Files\InstallShield Installation Information\PC-Doctor;Win32.Virut.56;Cured.;

SETUP.EXE;C:\Program Files\InstallShield Installation Information\PC-Doctor;Win32.Virut.56;Cured.;

SETUP.EXE;C:\Program Files\InstallShield Installation Information\PC-Doctor\CUI;Win32.Virut.56;Cured.;

SETUP.EXE;C:\Program Files\InstallShield Installation Information\PC-Doctor\Diagnostics;Win32.Virut.56;Cured.;

SETUP.EXE;C:\Program Files\InstallShield Installation Information\PC-Doctor\Services;Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{067D27FF-720F-421F-80E9-CF724DC5E072};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{6332AE1B-FD23-4448-B237-A63900602D72};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{7C21EEE0-E6FD-11D4-BD19-00D0B702AEC0};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350};Win32.Virut.56;Cured.;

shutdown.exe;C:\Program Files\InstallShield Installation Information\{CCD663AE-610D-4BDF-AAB0-E914B044527D};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{CE636486-7E13-4051-9067-AFC4E1B8F54E};Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\InstallShield Installation Information\{CFF08881-43E4-4082-91C4-0E17F82E849D};Win32.Virut.56;Cured.;

setup.exe;C:\Program Files\InstallShield Installation Information\{EB010408-D6F4-453E-AA83-96E0EAA65D53};Win32.Virut.56;Cured.;

icwconn1.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

icwconn2.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

icwrmind.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

icwtutor.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

isignup.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.;

ac3config.exe;C:\Program Files\K-Lite Codec Pack\Filters;Win32.Virut.56;Cured.;

gdsmux.exe;C:\Program Files\K-Lite Codec Pack\Filters\Haali;Win32.Virut.56;Cured.;

mplayerc.exe;C:\Program Files\K-Lite Codec Pack\Media Player Classic;Win32.Virut.56;Cured.;

mpclauncher.exe;C:\Program Files\K-Lite Codec Pack\Real;Win32.Virut.56;Cured.;

settings.exe;C:\Program Files\K-Lite Codec Pack\Real;Win32.Virut.56;Cured.;

CodecTweakTool.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Virut.56;Cured.;

dsconfig.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Virut.56;Incurable.Moved.;

graphstudio.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Virut.56;Cured.;

mediainfo.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Virut.56;Cured.;

StatsReader.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Virut.56;Cured.;

VobSubStrip.exe;C:\Program Files\K-Lite Codec Pack\Tools;Win32.Virut.56;Cured.;

gspot.exe;C:\Program Files\K-Lite Codec Pack\Tools\gspot;Win32.Virut.56;Cured.;

bwUnin.exe;C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install;Win32.Virut.56;Cured.;

LiteInst.exe;C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install;Win32.Virut.56;Cured.;

register.exe;C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program;Win32.Virut.56;Cured.;

Restart.exe;C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program;Win32.Virut.56;Cured.;

Sprite6.exe;C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program;Win32.Virut.56;Cured.;

wtsisctd.exe;C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program;Win32.Virut.56;Cured.;

iTouchcf.exe;C:\Program Files\Logitech\iTouch;Win32.Virut.56;Cured.;

lcamera.exe;C:\Program Files\Logitech\iTouch;Win32.Virut.56;Cured.;

regupdt.exe;C:\Program Files\Logitech\iTouch;Win32.Virut.56;Cured.;

secloc.exe;C:\Program Files\Logitech\iTouch;Win32.Virut.56;Cured.;

java.exe;C:\Program Files\Logitech\Logitech Harmony Remote Software 7\jre\bin;Win32.Virut.56;Cured.;

pack200.exe;C:\Program Files\Logitech\Logitech Harmony Remote Software 7\jre\bin;Win32.Virut.56;Cured.;

IeEmbed.exe;C:\Program Files\Logitech\Logitech Harmony Remote Software 7\lib\jdic\windows\x86;Win32.Virut.56;Cured.;

MozEmbed.exe;C:\Program Files\Logitech\Logitech Harmony Remote Software 7\lib\jdic\windows\x86;Win32.Virut.56;Cured.;

ProdEnum.exe;C:\Program Files\Logitech\QuickCamWebInstall\Redist\MSI31;Win32.Virut.56;Cured.;

LvAudInfo.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt;Win32.Virut.56;Cured.;

amcap8.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\CaptureTest;Win32.Virut.56;Cured.;

CleanupDS9.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\CleanupDS9;Win32.Virut.56;Cured.;

CleanupIS6.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\CleanupIS6;Win32.Virut.56;Cured.;

CleanupQC10_32.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\CleanupQC10;Win32.Virut.56;Cured.;

CleanupQC10_64.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\CleanupQC10;Win32.Virut.56;Cured.;

CleanupQC9.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\CleanupQCam9;Win32.Virut.56;Cured.;

lvcomt.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\HWTools;Win32.Virut.56;Cured.;

LVtest.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\HWTools;Win32.Virut.56;Cured.;

knlwrap.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\IS6Engine;Win32.Virut.56;Cured.;

Setup.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\IS6Engine;Win32.Virut.56;Cured.;

CleanINF.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\MiscTools;Win32.Virut.56;Cured.;

MSIZap.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\MiscTools;Win32.Virut.56;Cured.;

ShutDown.exe;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\MiscTools;Win32.Virut.56;Cured.;

RemoveAEC32.EXE;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\RemoveAEC;Win32.Virut.56;Cured.;

RemoveAEC64.EXE;C:\Program Files\Logitech\QuickCamWebInstall\techsupt\RemoveAEC;Win32.Virut.56;Cured.;

Connect.exe;C:\Program Files\Logitech\SetPoint;Win32.Virut.56;Cured.;

mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Virut.56;Cured.;

msmsgsin.exe;C:\Program Files\Messenger;Win32.Virut.56;Cured.;

EXCEL.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

FINDER.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

FINDFAST.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

GRAPH8.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

MSACCESS.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

MSOFFICE.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

OSA.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

OUTLOOK.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

POWERPNT.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

SCHDPL32.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

SENDFILE.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

WINWORD.EXE;C:\Program Files\Microsoft Office\Office;Win32.Virut.56;Cured.;

moviemk.exe;C:\Program Files\Movie Maker;Win32.Virut.56;Incurable.Moved.;

bckgzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

chkrzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

hrtzzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

Rvsezm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

shvlzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

zClientm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.;

mpegmux.exe;C:\Program Files\nanoPEG for WinTV\nanoPEG Editor;Win32.Virut.56;Cured.;

nanoEdit.exe;C:\Program Files\nanoPEG for WinTV\nanoPEG Editor;Win32.Virut.56;Cured.;

cb32.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;

conf.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;

wb32.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.;

msimn.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

oemig50.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

wab.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

wabmig.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.;

Pcdrw32.exe;C:\Program Files\PC-Doctor for Windows;Win32.Virut.56;Cured.;

DeviceReferenceServer.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDr2D3DVideo.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrAvi.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PcDrCdDrive.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Incurable.Moved.;

PCDrCdRw.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrCMOS.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrCPU.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrDvdDrive.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrDvdRamDrive.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrDvdRw.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrFloppy.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PcDrHardDrive.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrJoystick.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrKeyboard.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PcDrLSDrive.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrMemory.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrMicrophone.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrModem.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Incurable.Moved.;

PCDrMonitor.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrMouse.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrNetwork.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrParallelPort.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrPCCard.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Incurable.Moved.;

PCDrPCI.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrPrinter.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrSCSI.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrSerialPort.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrSmart.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PcdrSystemBoard.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Incurable.Moved.;

PCDrUSB.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PCDrWav.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

PcDrZipDrive.exe;C:\Program Files\PC-Doctor for Windows\Diagnostics;Win32.Virut.56;Cured.;

java.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

javaw.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

jinstall.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

keytool.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

orbd.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

policytool.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

rmid.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

servertool.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

tnameserv.exe;C:\Program Files\PC-Doctor for Windows\Java\jre\bin;Win32.Virut.56;Cured.;

EventsPublisherServer.exe;C:\Program Files\PC-Doctor for Windows\Services;Win32.Virut.56;Cured.;

PCDrCMD.exe;C:\Program Files\PC-Doctor for Windows\Services;Win32.Virut.56;Incurable.Moved.;

PCDrEngine.exe;C:\Program Files\PC-Doctor for Windows\Services;Win32.Virut.56;Cured.;

RegRGS.exe;C:\Program Files\PC-Doctor for Windows\Services;Win32.Virut.56;Cured.;

pg2.exe;C:\Program Files\PeerGuardian2;Win32.Virut.56;Cured.;

pgfix.exe;C:\Program Files\PeerGuardian2;Win32.Virut.56;Cured.;

OmniPage.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

opware32.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

Schedule.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

ScheduleTimer.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

SetRgOP.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

SetRgScn.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

xocr32b.exe;C:\Program Files\ScanSoft\OmniPageSE;Win32.Virut.56;Cured.;

IEHost.exe;C:\Program Files\ScanSoft\OmniPageSE\EregEng;Win32.Virut.56;Cured.;

NAVBrowser.exe;C:\Program Files\ScanSoft\OmniPageSE\EregEng;Win32.Virut.56;Incurable.Moved.;

passwordgenerator.exe;C:\Program Files\Siber Systems\AI RoboForm;Win32.Virut.56;Cured.;

CopyInf.exe;C:\Program Files\Sony\Personal Audio Driver;Win32.Virut.56;Cured.;

UnUsb.exe;C:\Program Files\Sony\Personal Audio Driver;Win32.Virut.56;Cured.;

JETCOMP.exe;C:\Program Files\Sony\SonicStage;Win32.Virut.56;Cured.;

SDShred.exe;C:\Program Files\Spybot - Search & Destroy;Win32.Virut.56;Cured.;

HijackThis.exe;C:\Program Files\Trend Micro\HijackThis;Win32.Virut.56;Cured.;

curl.exe;C:\Program Files\TVersity\Media Server;Win32.Virut.56;Cured.;

dcrawMS.exe;C:\Program Files\TVersity\Media Server;Win32.Virut.56;Incurable.Moved.;

GUILaunch.exe;C:\Program Files\TVersity\Media Server;Win32.Virut.56;Cured.;

MShare.exe;C:\Program Files\TVersity\Media Server;Win32.Virut.56;Cured.;

Dashboard.exe;C:\Program Files\Windows Live\installer;Win32.Virut.56;Cured.;

wmccds.exe;C:\Program Files\Windows Media Connect 2;Win32.Virut.56;Cured.;

WMCCFG.exe;C:\Program Files\Windows Media Connect 2;Win32.Virut.56;Cured.;

dlimport.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

migrate.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

mplayer2.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

setup_wm.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmdbexport.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmlaunch.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Incurable.Moved.;

wmpenc.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmplayer.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmpnscfg.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmpshare.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

wmsetsdk.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.;

EXCHNG32.EXE;C:\Program Files\Windows Messaging;Win32.Virut.56;Cured.;

NEWPROF.EXE;C:\Program Files\Windows Messaging;Win32.Virut.56;Cured.;

SCANPST.EXE;C:\Program Files\Windows Messaging;Win32.Virut.56;Cured.;

hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.;

wordpad.exe;C:\Program Files\Windows NT\Accessories;Win32.Virut.56;Cured.;

pinball.exe;C:\Program Files\Windows NT\Pinball;Win32.Virut.56;Cured.;

BGRecorder.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

exec.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

hcw.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWCaptureBase.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin23xxx.exe;C:\Program Files\WinTV;Win32.Virut.56;Incurable.Moved.;

HCWPlugin2402x.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin29xxx.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin652xx.exe;C:\Program Files\WinTV;Win32.Virut.56;Incurable.Moved.;

HCWPlugin70xxc.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin74xxx.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin93xxx.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin95001.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin96xxx.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

HCWPlugin99xxx.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

IRBlasterCfg.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

loaddll.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

pnpscan.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

Primary.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

UNir32.EXE;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

UNirblst.EXE;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

uniTvSrv.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

UNTV6.EXE;C:\Program Files\WinTV;Win32.Virut.56;Incurable.Moved.;

WinTV.exe;C:\Program Files\WinTV;Win32.Virut.56;Cured.;

pvrfile_applet.exe;C:\Program Files\WinTV\Scheduler;Win32.Virut.56;Cured.;

scheduler.exe;C:\Program Files\WinTV\Scheduler;Win32.Virut.56;Cured.;

StayAwake.exe;C:\Program Files\WinTV\Scheduler;Win32.Virut.56;Cured.;

TitanTV.exe;C:\Program Files\WinTV\Scheduler;Win32.Virut.56;Cured.;

uniSCHED.exe;C:\Program Files\WinTV\Scheduler;Win32.Virut.56;Cured.;

bwUnin-8.1.1.50-8876480SL.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

hh.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

IsUninst.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

notepad.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

regedit.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

slrundll.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

TASKMAN.EXE;C:\WINDOWS;Win32.Virut.56;Cured.;

twunk_32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

winhlp32.exe;C:\WINDOWS;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE;Win32.Virut.56;Cured.;

cscript.exe;C:\WINDOWS\$hf_mig$\KB951978\SP3QFE;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\$hf_mig$\KB951978\SP3QFE;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\$hf_mig$\KB955839\SP3QFE;Win32.Virut.56;Cured.;

accwiz.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

actmovie.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

admin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

agentsvr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

ahui.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

alg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

aspnet_regiis.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

aspnet_wp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

asr_fmt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

asr_pfu.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

at.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

atmadm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

attrib.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

auditusr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

author.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

blastcln.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

bootcfg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cacls.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cfgwiz.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cipher.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cisvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cleanmgr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cliconfg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

clipbrd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

clipsrv.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cmd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cmdl32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cmmon32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cmstp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

comrepl.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

comrereg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

comsdupd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

conf.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

conime.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

cscript.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ctfmon.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

davcdata.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dcomcnfg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ddeshare.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

defrag.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dfrgfat.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dfrgntfs.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dialer.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

diantz.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

diskpart.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dlimport.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dllhost.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dmadmin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dmremote.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dplaysvr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dpnsvr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dpvsetup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

driverquery.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

drvqry.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dumprep.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dvdupgrd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dwwin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

dxdiag.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

eudcedit.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

evcreate.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

eventcreate.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

eventtriggers.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

evntcmd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

evntwin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

evtrig.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

explorer.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

extrac32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

faxpatch.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

findstr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fltmc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fontview.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

forcedos.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fp98sadm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fp98swin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fpadmcgi.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fpcount.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fpremadm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fpsrvadm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fsquirt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ftp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fxsclnt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fxscover.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

fxssvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

getmac.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

gpresult.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

gprslt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

grpconv.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

help.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

helpctr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

helpsvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

hh.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

hscupd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

icwconn1.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

icwconn2.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

icwrmind.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ie4uinit.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

iedw.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ieexec.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

iexplore.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

iexpress.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

iisrstas.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

imapi.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

inetin51.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

inetwiz.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ipconfig.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ipv6.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ipxroute.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

irftp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

locator.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

logagent.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

logman.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

logon.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

logonui.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

lsass.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

magnify.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

makecab.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

migload.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

migrate.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

migregdb.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

migwiz.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mmc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mnmsrvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mobsync.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mofcomp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

moviemk.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

mplay32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

mplayer2.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mqbkup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mqsvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mqtgsvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msconfig.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msdtc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

Link to post
Share on other sites

Part 2

mshta.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msiexec.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msimn.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msiregmv.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msmsgs.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

msoobe.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mspaint.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mstinit.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mstsc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

mtstocom.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

muisetup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

narrator.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

nddeapir.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

net.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

net1.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

netdde.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

netfxupdate.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

netsetup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

netsh.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

netstat.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

notepad.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

nppagent.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

nslookup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ntbackup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ntvdm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

odbcad32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

odbcconf.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

oemig50.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

oobebaln.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

openfiles.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

opnfiles.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

osk.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

packager.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

perfmon.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

pinball.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ping.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

pintlphr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

powercfg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

progman.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

proquota.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

proxycfg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

qprocess.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rasphone.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rcimlby.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rcp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rdpclip.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rdsaddin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rdshost.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

reg.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

regedit.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

regsvr32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rexec.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rsh.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rsnotify.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rstrui.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rtcshare.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

rundll32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

runonce.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

savedump.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

scardsvr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

schtasks.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

scrcons.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

scrnsave.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sctasks.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sdbinst.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

secedit.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

services.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sessmgr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sethc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

setregni.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

setup.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

setup50.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

setup_wm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

shmgrate.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

shrpubw.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

shtml.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

shutdown.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sigverif.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

skeys.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

slrundll.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

slserv.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

smbinst.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

smi2smir.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

smlogsvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sndrec32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

snmp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

snmptrap.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sort.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

spdwnwxp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

spider.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

spiisupd.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

spnpinst.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

spoolsv.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

spupdwxp.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ss3dfo.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ssbezier.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ssflwbox.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ssmarque.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ssmypics.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ssmyst.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sspipes.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ssstars.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sstext3d.scr;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

stimon.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

stub_fpsrvadm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

stub_fpsrvwin.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

svchost.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sysinfo.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

sysocmgr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

systeminfo.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

taskkill.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tasklist.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

taskmgr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tcptest.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

telnet.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tlntadmn.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tlntsess.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tlntsvr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

togac.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tourstart.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tourstrt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tp4mon.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tracerpt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

tracert.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

unregmp2.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

uploadm.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

upnpcont.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

ups.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

userinit.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

utilman.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

vssvc.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wab.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wabmig.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wbemtest.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wextract.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wiaacmgr.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

winhlp32.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

winlogon.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

winver.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wmiadap.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wmiapsrv.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wmic.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wmiprvse.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wmplayer.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wordpad.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Incurable.Moved.;

wpabaln.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wpnpinst.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wscntfy.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wuauclt.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

wuauclt1.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

xcopy.exe;C:\WINDOWS\$NtServicePackUninstall$;Win32.Virut.56;Cured.;

unregmp2.exe;C:\WINDOWS\$NtUninstallKB939683$;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\$NtUninstallKB951072-v2$;Win32.Virut.56;Cured.;

cscript.exe;C:\WINDOWS\$NtUninstallKB951978$;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\$NtUninstallKB951978$;Win32.Virut.56;Cured.;

logagent.exe;C:\WINDOWS\$NtUninstallKB952069_WM9$;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\$NtUninstallKB955839$;Win32.Virut.56;Cured.;

logagent.exe;C:\WINDOWS\$NtUninstallWMFDist11$;Win32.Virut.56;Cured.;

setup_wm.exe;C:\WINDOWS\$NtUninstallwmp11$;Win32.Virut.56;Cured.;

unregmp2.exe;C:\WINDOWS\$NtUninstallwmp11$;Win32.Virut.56;Cured.;

wmplayer.exe;C:\WINDOWS\$NtUninstallwmp11$;Win32.Virut.56;Cured.;

places.exe;C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227};Win32.Virut.56;Cured.;

_732A24CA4EEB_47FE_B264_4860EBF0B061.exe;C:\WINDOWS\Installer\{6249C22D-E6A8-407B-BA8B-40298848ED94};Win32.Virut.56;Cured.;

icon.exe;C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71};Win32.Virut.56;Cured.;

NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe;C:\WINDOWS\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2};Win32.Virut.56;Cured.;

NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe;C:\WINDOWS\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2};Win32.Virut.56;Cured.;

NETFXSBS10.exe;C:\WINDOWS\Microsoft.NET\Framework;Win32.Virut.56;Cured.;

aspnet_compiler.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

aspnet_regbrowsers.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

aspnet_regsql.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

CasPol.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

dfsvc.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

IEExec.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

InstallUtil.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

jsc.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

MSBuild.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

RegAsm.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

RegSvcs.exe;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;Win32.Virut.56;Cured.;

agentsvr.exe;C:\WINDOWS\msagent;Win32.Virut.56;Cured.;

muisetup.exe;C:\WINDOWS\mui;Win32.Virut.56;Cured.;

helpctr.exe;C:\WINDOWS\PCHealth\HelpCtr\Binaries;Win32.Virut.56;Cured.;

HelpHost.exe;C:\WINDOWS\PCHealth\HelpCtr\Binaries;Win32.Virut.56;Cured.;

helpsvc.exe;C:\WINDOWS\PCHealth\HelpCtr\Binaries;Win32.Virut.56;Cured.;

hscupd.exe;C:\WINDOWS\PCHealth\HelpCtr\Binaries;Win32.Virut.56;Cured.;

msconfig.exe;C:\WINDOWS\PCHealth\HelpCtr\Binaries;Win32.Virut.56;Cured.;

notiflag.exe;C:\WINDOWS\PCHealth\HelpCtr\Binaries;Win32.Virut.56;Cured.;

uploadm.exe;C:\WINDOWS\PCHealth\UploadLB\Binaries;Win32.Virut.56;Cured.;

accwiz.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

actmovie.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

admin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

agentsvr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

ahui.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

alg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

aspnet_regiis.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

aspnet_state.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

aspnet_wp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

asr_fmt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

asr_pfu.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

at.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

atmadm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

attrib.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

auditusr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

author.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

blastcln.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

bootcfg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cacls.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

caspol.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cfgwiz.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cipher.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cisvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cleanmgr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cliconfg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

clipbrd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

clipsrv.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cmd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cmdl32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cmmon32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cmstp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

comrepl.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

comrereg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

comsdupd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

conf.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

conime.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

csc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cscript.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ctfmon.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

davcdata.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dcomcnfg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ddeshare.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

defrag.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dfrgfat.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dfrgntfs.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dialer.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

diantz.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

diskpart.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dlimport.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dllhost.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dmadmin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dmremote.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dplaysvr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dpnsvr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dpvsetup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

drvqry.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dumprep.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dvdupgrd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dwwin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

dxdiag.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

eudcedit.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

evcreate.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

evntcmd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

evntwin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

evtrig.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

explorer.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

extrac32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

faxpatch.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

findstr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fltmc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fontview.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

forcedos.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fp98sadm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fp98swin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fpadmcgi.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fpcount.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fpremadm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fpsrvadm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fsquirt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ftp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fxsclnt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fxscover.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

fxssvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

getmac.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

gprslt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

grpconv.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

help.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

helpctr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

helpsvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

hh.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

hscupd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

icwconn1.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

icwconn2.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

icwrmind.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ie4uinit.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

iedw.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ieexec.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

iexplore.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

iexpress.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

iisrstas.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ilasm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

imapi.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

inetin51.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

inetwiz.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

installutil.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ipconfig.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ipv6.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ipxroute.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

irftp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

jsc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

lhmstsc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

locator.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

logagent.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

logman.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

logon.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

logonui.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

lsass.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

magnify.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

makecab.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

migload.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

migrate.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

migregdb.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

migwiz.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

migwiza.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

migwiz_a.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mmc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

mmcperf.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mnmsrvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mobsync.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mofcomp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

moviemk.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

mplay32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mplayer2.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mqbkup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mqsvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mqtgsvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

msconfig.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

msdtc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mshta.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

msiexec.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

msimn.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

msiregmv.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

msmsgs.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

msoobe.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mspaint.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mstinit.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

mstsc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

mtstocom.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

muisetup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

napstat.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

narrator.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

nddeapir.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

net.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

net1.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

netdde.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

netsetup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

netsh.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

netstat.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ngen.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

notepad.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

nppagent.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

nslookup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ntbackup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ntvdm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

odbcad32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

odbcconf.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

oemig50.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

oobebaln.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

opnfiles.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

osk.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

packager.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

perfmon.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

pinball.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ping.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

powercfg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

progman.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

proquota.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

proxycfg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

qprocess.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rasphone.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rcimlby.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rcp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rdpclip.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rdsaddin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rdshost.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

reg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

regasm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

regedit.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

regsvcs.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

regsvr32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rexec.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rsh.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rsnotify.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rstrui.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rtcshare.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

rundll32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

runonce.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

savedump.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

scardsvr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

scrcons.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

scrnsave.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sctasks.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sdbinst.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

secedit.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

services.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sessmgr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sethc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

setup.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

setup50.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

setupn.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

setup_wm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

shmgrate.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

shrpubw.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

shtml.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

shutdown.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sigverif.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

skeys.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

slrundll.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

slserv.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

smbinst.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

smi2smir.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

smlogsvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sndrec32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

snmp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

snmptrap.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sort.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

spdwnwxp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

spider.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

spiisupd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

spnpinst.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

spoolsv.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

spupdwxp.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ss3dfo.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

ssbezier.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ssflwbox.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ssmarque.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ssmypics.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ssmyst.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sspipes.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ssstars.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sstext3d.scr;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

stimon.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

stub_fpsrvadm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

stub_fpsrvwin.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

svchost.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sysinfo.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

sysocmgr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

taskkill.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tasklist.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

taskmgr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tcptest.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

telnet.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tlntadmn.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tlntsess.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tlntsvr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tourstrt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tp4mon.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tracerpt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

tracert.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tscupgrd.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

unregmp2.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

uploadm.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

upnpcont.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

ups.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

userinit.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

utilman.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

vbc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

verclsid.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

vssvc.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wab.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wabmig.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wbemtest.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wextract.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wiaacmgr.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

winhlp32.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Incurable.Moved.;

winlogon.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

winver.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wmiadap.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wmiapsrv.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wmic.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wmiprvse.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wmplayer.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wordpad.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wpabaln.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wpnpinst.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wscntfy.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wuauclt.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

wuauclt1.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

xcopy.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

xpnetdg.exe;C:\WINDOWS\ServicePackFiles\i386;Win32.Virut.56;Cured.;

cintsetp.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

cplexe.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

imjpdct.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Incurable.Moved.;

imjpdsvr.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

imjpinst.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

imjpmig.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

imjprw.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

imjputy.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

imscinst.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

pintlphr.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

tintlphr.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

tintsetp.exe;C:\WINDOWS\ServicePackFiles\i386\lang;Win32.Virut.56;Cured.;

msmsgs.exe;C:\WINDOWS\ServicePackFiles\ServicePackCache\i386;Win32.Virut.56;Cured.;

18.tmp;C:\WINDOWS\system32;Trojan.Spambot.3584;Deleted.;

1F.tmp;C:\WINDOWS\system32;Trojan.Spambot.4339;Deleted.;

22.tmp;C:\WINDOWS\system32;Trojan.Spambot.4339;Deleted.;

27.tmp;C:\WINDOWS\system32;Win32.Virut.56;Deleted.;

4.tm_;C:\WINDOWS\system32;Trojan.Spambot.4339;Deleted.;

42.tmp;C:\WINDOWS\system32;Trojan.Spambot.4339;Deleted.;

accwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

actmovie.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

arp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

asr_fmt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

asr_ldm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

asr_pfu.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

at.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

atmadm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

attrib.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

auditusr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

blastcln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

bootcfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

bootvrfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cacls.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

calc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

charmap.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

chkdsk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

chkntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cidaemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cipher.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ckcnv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cleanmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cliconfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

clipbrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

clspack.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cmd(2).exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cmdl32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cmmon32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

cmstp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

CNFNOT32.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

comp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

compact.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

comsdupd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

conime.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

CONVDSN.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

convert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

crsfld.dll;C:\WINDOWS\system32;Trojan.Juan.84;Deleted.;

cscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ctfmon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dcomcnfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ddeshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

defrag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dfrgfat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dfrgntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

diantz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

diskpart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

diskperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dllhst3g.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dmremote.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

doskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dplaysvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dpnsvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

driverquery.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

drmupgds.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dvdplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dvdupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dwwin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

dxdiag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

esentutl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

eudcedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

eventcreate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

eventtriggers.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

eventvwr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

expand.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

extrac32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

find.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

findstr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

finger.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fixmapi.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fltmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fontview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

forcedos.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

freecell.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fsquirt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

fsutil.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

gcc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

gcc.exe;C:\WINDOWS\system32;Trojan.Spambot.2424;Deleted.;

getmac.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

gpresult.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

gpupdate.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

grpconv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

help.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

hostname.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

iexpress.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ipconfig.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ipv6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ipxroute.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

jdbgmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

jview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

KEYEX32.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

keystone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

label.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lnkstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logagent.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

logoff.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lpq.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

lpr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

magnify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

MAPISP32.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

MAPISRVR.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

migpwd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mmcperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mountvol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mplay32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mpnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mqbkup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mqsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mqtgsvc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mrinfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

msg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mshearts.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mshta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mspaint.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

msswchx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mstinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

mstsc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

napstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

narrator.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nbtstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nddeapir.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

net.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

net1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

netsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

netsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

netstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

notepad.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nslookup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ntbackup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ntvdm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvcolor.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nvdspsch.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

nwscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

odbcad32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

odbcconf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

openfiles.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

osk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

osuninst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

packager.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

pathping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

pekimevo.dll;C:\WINDOWS\system32;Trojan.Virtumod.1635;Deleted.;

pentnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

perfmon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ping.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ping6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

powercfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

print.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

progman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

PROMon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

proquota.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

Prounstl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

proxycfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

pururuha.dll;C:\WINDOWS\system32;Trojan.Juan.84;Deleted.;

qappsrv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

qprocess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

qwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rasautou.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rasdial.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rasphone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rcimlby.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rcp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rdpclip.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rdshost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

recover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

reg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

regedt32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

regini.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

regwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

relog.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

replace.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

reset.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rexec.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

route.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

routemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsmsink.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsmui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rsopprov.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rtcshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

runas.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

runonce.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

rwinsta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

savedump.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

schtasks.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

scrnsave.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sdbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

secedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sethc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

setup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

setupn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sfc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shadow.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shrpubw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

shutdown.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sigverif.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

skeys.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

slrundll.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

slserv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

smbinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sndrec32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sndvol32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sort.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spdwnwxp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spider.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spiisupd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

spupdwxp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ss3dfo.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssbezier.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssflwbox.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssmarque.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssmypics.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

ssmyst.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sspipes.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sstext3d.scr;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

stimon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

subst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

syskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

sysocmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

systeminfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

systray.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

taskkill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tasklist.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

taskman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

taskmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tcmsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

telnet.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tlntadmn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tlntsess.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tourstart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tracerpt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tracert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tracert6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tscupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tsdiscon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tskill.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tsshutdn.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

typeperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

tzchange.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

unlodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

usrmlnka.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

usrprbda.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

usrshuta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

utilman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

uwdf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

verclsid.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

verifier.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

vssadmin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

w32tm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wdfmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wextract.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wiaacmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winhlp32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winmine.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winmsd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

winver.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wjview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wmpstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wotalape.dll;C:\WINDOWS\system32;Trojan.Virtumod.1643;Deleted.;

wpabaln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wpdshextautoplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wpnpinst.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

write.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

WRKGADM.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wscntfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wuauclt1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

WudfHost.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

wupdmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

xcopy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.;

zicykma.dll;C:\WINDOWS\system32;Probably Trojan.Packed.196;;

comrepl.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;

comrereg.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.;

abb[1].txt;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\203H58IW;Trojan.DownLoad.29459;Deleted.;

ge[1].txt;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ROA1QOGD;Trojan.Spambot.3584;Deleted.;

arp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

asr_ldm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

bckgzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

bootok.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

bootvrfy.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

calc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Incurable.Moved.;

cb32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

change.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

charmap.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

chglogon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

chgport.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

chgusr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

chkdsk.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

chkntfs.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

chkrzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

cidaemon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

cintsetp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

ckcnv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

comp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

compact.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

control.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

convert.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

convlog.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

cplexe.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

cprofile.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

cscript.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

diskperf.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

dlimport.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

dllhst3g.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

doskey.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

drwtsn32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

esentutl.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

eventvwr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

EXCH_regtrace.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

expand.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

fc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

find.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

finger.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

fixmapi.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

flattemp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

freecell.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

fsutil.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

fxssend.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

gpupdate.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

helphost.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

hostname.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

hrtzzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

icwtutor.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

iisreset.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

iissync.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imekrmig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imepadsv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Incurable.Moved.;

imjpdadm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjpdct.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjpdsvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjpinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjpmig.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjprw.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjpuex.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imjputy.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Incurable.Moved.;

imkrinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

imscinst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

inetmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

ipsec6.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

isignup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

label.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

lights.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

lnkstub.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

lodctr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

logagent.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

logoff.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

lpq.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

lpr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

migisol.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

migrate.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

mountvol.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

mplay32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

mplayer2.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

mpnotify.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

mrinfo.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

msg.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

mshearts.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

msinfo32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

msswchx.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

nbtstat.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

ndis.sys;C:\WINDOWS\system32\dllcache;Trojan.NtRootKit.2670;Deleted.;

notiflag.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

ntsd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

nwscript.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Incurable.Moved.;

osuninst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

pathping.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

pentnt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

ping6.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

pintlphr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

print.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

qappsrv.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

query.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

quser.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

qwinsta.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rasautou.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rasdial.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

recover.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

regedt32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

regini.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

register.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

regwiz.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

relog.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

replace.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

reset.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

route.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

routemon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rsm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rsmsink.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rsmui.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rsopprov.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rsvp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Incurable.Moved.;

runas.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rvsezm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

rwinsta.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

sapisvr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

sc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

setup_wm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

sfc.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

shadow.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

shvlzm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

sndvol32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

sol.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

srdiag.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

subst.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

syncapp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

syskey.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

systray.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

taskman.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tcmsetup.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tcpsvcs.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tftp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tintlphr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tintsetp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tracert6.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tscon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tsdiscon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tskill.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tsprof.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

tsshutdn.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

twunk_32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

typeperf.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

unlodctr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

unregmp2.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

unsecapp.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

verifier.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

vssadmin.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

w32tm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

wb32.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

winhstb.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

winmgmt.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

winmine.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

winmsd.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

wmplayer.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

wmpstub.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

write.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

wscript.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

wupdmgr.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

zclientm.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.;

ndis.sys;C:\WINDOWS\system32\drivers;Trojan.NtRootKit.2670;Deleted.;

genuinst.exe;C:\WINDOWS\system32\Macromed\Flash;Win32.Virut.56;Cured.;

nppagent.exe;C:\WINDOWS\system32\npp;Win32.Virut.56;Cured.;

msoobe.exe;C:\WINDOWS\system32\oobe;Win32.Virut.56;Cured.;

oobebaln.exe;C:\WINDOWS\system32\oobe;Win32.Virut.56;Cured.;

nvsvc32.exe;C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles;Win32.Virut.56;Cured.;

rstrui.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;

srdiag.exe;C:\WINDOWS\system32\Restore;Win32.Virut.56;Cured.;

hpzcfg09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

hpzeng09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

hpzpre09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Incurable.Moved.;

hpzstc09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

hpzstw09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

hpztbu09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

hpztbx09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\3;Win32.Virut.56;Cured.;

hpzcfg09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

hpzeng09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

hpzpre09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

hpzstc09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

hpzstw09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

hpztbu09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

hpztbx09.exe;C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_58003bc1;Win32.Virut.56;Cured.;

migload.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;

migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;

migwiza.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;

migwiz_a.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.;

mofcomp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

scrcons.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

unsecapp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

wbemtest.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

wmiadap.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

wmic.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

wmiprvse.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.;

BN1.tmp;C:\WINDOWS\Temp;Trojan.Packed.438;Deleted.;

CANOIT32.EXE;C:\WINDOWS\twain_32\CNQ3000;Win32.Virut.56;Cured.;

Setup.exe;E:\Torrent Software\Adobe PhotoShop CS3\Photoshop\Adobe CS3;Win32.Virut.56;Cured.;

MagicISO [Keygen].exe;E:\Torrent Software\MagicISO Maker 5.4;Win32.Virut.56;Cured.;

nero8x.exe;E:\Torrent Software\nero 8;Win32.Virut.56;Cured.;

Link to post
Share on other sites

  • Root Admin

Please disconnect this computer from any other computers. If any computers have been on the same network or shared a USB driver or CD then all those computers need to be scanned for infection. Make sure ALL systems are running Up To Date Anti-Virus software with live detection enabled.

The Virut virus is a file infector infection. Most experts suggest a format/reinstall.

Virut File Infector Warning

Your system is infected with the Win32.Virut virus.
Virus:Win32 VIRUT

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only.
DO NOT
backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Disconnect it from any Network and do not share external USB drives or similar devices with any other computer as it can easily infect them as well if they're not protected from this Virus.
Link to post
Share on other sites

  • Root Admin

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.