2015-06-23 02:19:02.734 Sophos Virus Removal Tool version 2.5.4 2015-06-23 02:19:02.734 Copyright (c) 2009-2014 Sophos Limited. All rights reserved. 2015-06-23 02:19:02.734 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2015-06-23 02:19:02.734 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32 2015-06-23 02:19:02.734 Checking for updates... 2015-06-23 02:19:07.500 Update progress: proxy server not available 2015-06-23 02:19:07.890 Update error: failed to read remote metadata (error 4) Cannot locate server for http://dci.sophosupd.com/update/7/9c/79c7487d027bc7c3e182c8dd7fcfbca4.xml 2015-06-23 02:22:36.515 Option all = no 2015-06-23 02:22:36.703 Option recurse = yes 2015-06-23 02:22:36.734 Option archive = no 2015-06-23 02:22:36.734 Option service = yes 2015-06-23 02:22:36.734 Option confirm = yes 2015-06-23 02:22:36.734 Option sxl = yes 2015-06-23 02:22:36.734 Option max-data-age = 35 2015-06-23 02:22:36.734 Option EnableSafeClean = yes 2015-06-23 02:22:41.078 Option vdl-logging = yes 2015-06-23 02:22:41.796 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2015-06-23 02:22:41.796 Machine ID: 354113da4b2c4603850a3ba7be7da20e 2015-06-23 02:22:42.187 Component SVRTcli.exe version 2.5.4 2015-06-23 02:22:42.234 Component control.dll version 2.5.4 2015-06-23 02:22:42.250 Component SVRTservice.exe version 2.5.4 2015-06-23 02:22:42.296 Component engine\osdp.dll version 1.44.1.2200 2015-06-23 02:22:42.328 Component engine\veex.dll version 3.60.0.2200 2015-06-23 02:22:42.421 Component engine\savi.dll version 8.1.7.2200 2015-06-23 02:22:42.578 Component rkdisk.dll version 1.5.30.0 2015-06-23 02:22:43.015 Version info: Product version 2.5.4 2015-06-23 02:22:43.031 Version info: Detection engine 3.60.0 2015-06-23 02:22:43.031 Version info: Detection data 5.15 2015-06-23 02:22:43.031 Version info: Build date 5/26/2015 2015-06-23 02:22:43.031 Version info: Data files added 325 2015-06-23 02:22:43.031 Version info: Last successful update (not yet updated) 2015-06-23 02:23:00.031 Couldn't apply option 'SXLLiveProtection' to the detection engine. 2015-06-23 02:26:14.406 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\winlogon.exe:pid:00000ed4:file 2015-06-23 02:26:14.406 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\winlogon.exe 2015-06-23 02:26:14.406 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:14.437 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:14.437 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:14.437 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:14.453 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:14.468 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:14.468 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:14.468 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:44.031 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\services.exe:pid:00000e60:file 2015-06-23 02:26:44.046 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\services.exe 2015-06-23 02:26:44.046 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:44.046 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:44.062 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:44.062 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:26:44.078 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:44.078 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:44.093 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:26:44.093 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:27:06.453 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\lsass.exe:pid:00000eac:file 2015-06-23 02:27:06.453 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\lsass.exe 2015-06-23 02:27:06.453 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:27:06.453 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:27:06.484 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:27:06.609 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 2015-06-23 02:27:06.656 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:27:06.703 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:27:06.718 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:27:06.765 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions 2015-06-23 02:28:15.640 The following items will be cleaned up: 2015-06-23 02:28:15.703 W32/Brontok-BZ 2015-06-23 02:32:27.859 Threat 'W32/Brontok-BZ' has been cleaned up. 2015-06-23 02:32:27.859 Process "C:\Documents and Settings\anne schendel\Local Settings\Application Data\winlogon.exe:pid:00000ed4:file" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.859 Process "C:\Documents and Settings\anne schendel\Local Settings\Application Data\winlogon.exe:pid:00000ed4:file" has been cleaned up. 2015-06-23 02:32:27.859 Process "C:\Documents and Settings\anne schendel\Local Settings\Application Data\services.exe:pid:00000e60:file" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.859 Process "C:\Documents and Settings\anne schendel\Local Settings\Application Data\services.exe:pid:00000e60:file" has been cleaned up. 2015-06-23 02:32:27.859 Process "C:\Documents and Settings\anne schendel\Local Settings\Application Data\lsass.exe:pid:00000eac:file" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.859 Process "C:\Documents and Settings\anne schendel\Local Settings\Application Data\lsass.exe:pid:00000eac:file" has been cleaned up. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ad8" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ad8" has been cleaned up. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000b20" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000b20" has been cleaned up. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d20" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d20" has been cleaned up. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d40" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d40" has been cleaned up. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d48" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.875 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d48" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ec4" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ec4" has been cleaned up. 2015-06-23 02:32:27.890 File "C:\Documents and Settings\anne schendel\Local Settings\Application Data\winlogon.exe" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 File "C:\Documents and Settings\anne schendel\Local Settings\Application Data\winlogon.exe" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000260" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000260" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:0000074c" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:0000074c" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:000002a4" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:000002a4" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:000004dc" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:000004dc" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000c1c" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000c1c" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000264" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000264" has been cleaned up. 2015-06-23 02:32:27.890 File "C:\Documents and Settings\anne schendel\Local Settings\Application Data\services.exe" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 File "C:\Documents and Settings\anne schendel\Local Settings\Application Data\services.exe" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000758" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000758" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:0000007c" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:0000007c" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000f64" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000f64" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000fa0" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000fa0" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:0000070c" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:0000070c" has been cleaned up. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d00" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d00" has been cleaned up. 2015-06-23 02:32:27.890 File "C:\Documents and Settings\anne schendel\Local Settings\Application Data\lsass.exe" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 File "C:\Documents and Settings\anne schendel\Local Settings\Application Data\lsass.exe" has been cleaned up. 2015-06-23 02:32:27.890 Registry value "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Registry value "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" has been cleaned up. 2015-06-23 02:32:27.890 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.890 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" has been cleaned up. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" has been cleaned up. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" has been cleaned up. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" has been cleaned up. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" belongs to 'W32/Brontok-BZ'. 2015-06-23 02:32:27.906 Registry value "HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" has been cleaned up. 2015-06-23 02:32:27.906 Removal successful 2015-06-23 02:52:35.828 >>> Virus 'Troj/Kovter-M' found in file C:\Documents and Settings\All Users\Application Data\Microsoft\{165bd50a-2e1f-8237-1f37-9bbe817854ac}\{165bd50a-2e1f-8237-1f37-9bbe817854ac}.exe 2015-06-23 02:52:35.828 >>> Virus 'Troj/Kovter-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{165bd50a-2e1f-8237-1f37-9bbe817854ac} 2015-06-23 02:52:35.828 >>> Virus 'Troj/Kovter-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{165bd50a-2e1f-8237-1f37-9bbe817854ac} 2015-06-23 02:53:01.562 >>> Virus 'Troj/Agent-ALRO' found in file C:\Documents and Settings\All Users\Application Data\Microsoft\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}.exe 2015-06-23 02:53:01.562 >>> Virus 'Troj/Agent-ALRO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd} 2015-06-23 02:53:01.562 >>> Virus 'Troj/Agent-ALRO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd} 2015-06-23 02:54:16.593 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\csrss.exe 2015-06-23 02:54:41.937 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\inetinfo.exe 2015-06-23 02:55:10.765 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Local Settings\Application Data\smss.exe 2015-06-23 02:55:10.781 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1007\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus 2015-06-23 02:55:56.234 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Start Menu\Programs\Startup\Empty.pif 2015-06-23 02:56:22.328 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\anne schendel\Templates\WowTumpeh.com 2015-06-23 02:56:22.328 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\Tasks\At1.job 2015-06-23 03:02:49.703 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\csrss.exe 2015-06-23 03:03:28.500 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\inetinfo.exe 2015-06-23 03:04:00.328 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\lsass.exe 2015-06-23 03:04:26.468 >>> Virus 'Troj/Wonton-PF' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\luke\luke.exe 2015-06-23 03:04:26.468 >>> Virus 'Troj/Wonton-PF' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\luke 2015-06-23 03:04:26.468 >>> Virus 'Troj/Wonton-PF' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\luke 2015-06-23 03:05:01.281 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\services.exe 2015-06-23 03:05:26.109 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\smss.exe 2015-06-23 03:05:26.125 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-21-1552357735-3479602463-1512363160-1008\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus 2015-06-23 03:05:50.718 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Local Settings\Application Data\winlogon.exe 2015-06-23 03:10:32.421 >>> Virus 'Mal/ExpJS-BS' found in file C:\Documents and Settings\ferrara\Local Settings\Temporary Internet Files\Content.IE5\OVXJUPUW\dvu26h3e96[1].htm 2015-06-23 03:13:44.828 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\bberry\bberry.exe 2015-06-23 03:14:16.718 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\frp40\frp40.exe 2015-06-23 03:14:42.875 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\kts\kts.exe 2015-06-23 03:15:09.781 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\kts\VPN4.6\v4.6\v4.6`.exe 2015-06-23 03:15:35.781 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\kts\VPN4.6\VPN4.6`.exe 2015-06-23 03:16:03.140 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\law\law.exe 2015-06-23 03:16:29.546 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\moi\daytimer\daytimer.exe 2015-06-23 03:16:55.328 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\moi\daytimer\DTO\DTO.exe 2015-06-23 03:17:22.281 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\moi\kitties\kitties.exe 2015-06-23 03:17:48.859 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\moi\moi.exe 2015-06-23 03:18:16.187 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Albums\dilbert\dilbert.exe 2015-06-23 03:18:45.609 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Albums\grrr\grrr.exe 2015-06-23 03:19:11.609 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Albums\My Albums.exe 2015-06-23 03:19:37.796 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My eBooks\test\test.exe 2015-06-23 03:20:03.812 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Music\License Backup\License Backup.exe 2015-06-23 03:20:30.562 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Music\PictureProject samples\PictureProject samples.exe 2015-06-23 03:20:59.234 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\3kitties_2006\another\another.exe 2015-06-23 03:21:26.281 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\3kitties_2006\one\one.exe 2015-06-23 03:21:52.156 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\apt\apt.exe 2015-06-23 03:22:20.906 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\berry_cam\all\again\again.exe 2015-06-23 03:22:49.703 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\berry_cam\all\all.exe 2015-06-23 03:23:20.937 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\berry_cam\berry_cam.exe 2015-06-23 03:23:50.750 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\berry_cam\tom\tom.exe 2015-06-23 03:24:17.218 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\blizzard_12-2010\blizzard_12-28-2010\blizzard_12-28-2010.exe 2015-06-23 03:24:42.250 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\blizzard_12-2010\blizzard_12-29-2010\blizzard_12-29-2010.exe 2015-06-23 03:25:09.843 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\grr\grr.exe 2015-06-23 03:25:37.250 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul11_sportimes\jul11_sportimes.exe 2015-06-23 03:26:03.203 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul14_sportimes\jul14_sportimes.exe 2015-06-23 03:26:28.906 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul15_sportimes\jul15_sportimes.exe 2015-06-23 03:26:54.906 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul20_sportimes\jul20_sportimes.exe 2015-06-23 03:27:22.234 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul22\jul22.exe 2015-06-23 03:27:49.812 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul4_2011\jul4_2011.exe 2015-06-23 03:28:16.671 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\july2011\jul6_sportimes\jul6_sportimes.exe 2015-06-23 03:28:44.296 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0001\0001.exe 2015-06-23 03:29:16.078 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0002\0002.exe 2015-06-23 03:29:41.593 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0003\0003.exe 2015-06-23 03:30:07.453 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0004\0004.exe 2015-06-23 03:30:32.656 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0005\0005.exe 2015-06-23 03:30:58.359 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0006\0006.exe 2015-06-23 03:31:25.890 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0007\0007.exe 2015-06-23 03:31:52.750 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0008\0008.exe 2015-06-23 03:32:19.734 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0009\0009.exe 2015-06-23 03:32:49.421 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0010\0010.exe 2015-06-23 03:33:16.406 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0011\0011.exe 2015-06-23 03:33:46.218 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\0012\0012.exe 2015-06-23 03:34:12.531 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\Sample Images\Flower\Flower.exe 2015-06-23 03:34:37.171 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\Sample Images\Nature\Nature.exe 2015-06-23 03:35:02.687 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\PictureProject\Sample Images\Travel\Travel.exe 2015-06-23 03:35:30.687 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\WTT\WTT.exe 2015-06-23 03:35:56.640 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\WTT\wtt_072512a\wtt_072512a.exe 2015-06-23 03:36:22.640 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\wtt_071410a\wtt_071410a.exe 2015-06-23 03:36:47.531 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\wtt_071910a\wtt_071910a.exe 2015-06-23 03:37:12.046 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Pictures\wtt_072310a\wtt_072310a.exe 2015-06-23 03:37:36.921 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Received Files\cardinalicons\cardinalicons.exe 2015-06-23 03:38:11.718 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Received Files\Lou-Lou\Lou-Lou.exe 2015-06-23 03:38:37.093 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Received Files\My Received Files.exe 2015-06-23 03:39:01.656 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Received Files\NauticalIcons\NauticalIcons.exe 2015-06-23 03:39:26.687 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Received Files\shamicons\shamicons.exe 2015-06-23 03:39:55.328 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\My Received Files\working\working.exe 2015-06-23 03:40:21.671 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\new_vpn361\New_vpn361\New_vpn361.exe 2015-06-23 03:40:48.671 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\new_vpn361\new_vpn361.exe 2015-06-23 03:41:14.609 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\rats\rats.exe 2015-06-23 03:41:14.625 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Desktop\Shortcut to Rats.exe.lnk 2015-06-23 03:41:41.062 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\arl_vpn\arl_vpn.exe 2015-06-23 03:42:06.296 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\arl_vpn\SecureClient_R56\SecureClient_R56\SecureClient_R56.exe 2015-06-23 03:42:32.812 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\arl_vpn\ssh\ssh\ssh.exe 2015-06-23 03:42:59.546 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\TAS.exe 2015-06-23 03:43:24.437 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas2003\tas2003.exe 2015-06-23 03:43:50.218 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas2004\expenses_2004\expenses_2004.exe 2015-06-23 03:44:15.500 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas2004\tas2004.exe 2015-06-23 03:44:41.421 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas2006\tas2006.exe 2015-06-23 03:45:06.437 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas2015\tas2015.exe 2015-06-23 03:45:32.312 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2005\expenses_2005\expenses_2005.exe 2015-06-23 03:45:58.812 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2005\tas_2005.exe 2015-06-23 03:46:26.312 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2007\tas_2007.exe 2015-06-23 03:46:55.484 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2008\tas_2008.exe 2015-06-23 03:47:21.437 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\AgentWebRB.exe 2015-06-23 03:47:47.765 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\images.exe 2015-06-23 03:48:13.968 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\NavBar\NavBar.exe 2015-06-23 03:48:39.093 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\NavBar\_vti_cnf\_vti_cnf.exe 2015-06-23 03:49:04.203 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\NavBar2\NavBar2.exe 2015-06-23 03:49:30.953 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\NavBar2\_notes\_notes.exe 2015-06-23 03:50:00.921 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\NavBar2\_vti_cnf\_vti_cnf.exe 2015-06-23 03:50:26.578 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\images\_vti_cnf\_vti_cnf.exe 2015-06-23 03:50:51.781 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\SHJ Saved\SHJ Saved.exe 2015-06-23 03:51:18.640 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\AgentWebRB\_vti_cnf\_vti_cnf.exe 2015-06-23 03:51:44.078 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\RedBack.exe 2015-06-23 03:52:08.937 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\RedBack_4.2.5docs\docs\docs.exe 2015-06-23 03:52:35.156 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\RedBack\RedBack_4.2.5docs\RedBack_4.2.5docs`.exe 2015-06-23 03:53:01.031 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2009\tas_2009.exe 2015-06-23 03:53:26.562 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2010\Arl_hrs\Arl_hrs.exe 2015-06-23 03:53:53.531 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2010\tas_2010.exe 2015-06-23 03:54:22.203 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2011\klips\klips.exe 2015-06-23 03:54:50.578 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2011\tas_2011.exe 2015-06-23 03:55:22.515 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2012\tas_2012.exe 2015-06-23 03:55:50.390 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2013\may_2013\may_2013.exe 2015-06-23 03:56:17.328 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2013\tas_2013.exe 2015-06-23 03:56:42.765 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2014\NewCo\NewCo.exe 2015-06-23 03:57:09.687 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2014\OAC_SCRIPT\OAC_SCRIPT.exe 2015-06-23 03:57:36.187 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\tas_2014\tas_2014.exe 2015-06-23 03:58:01.093 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\touch_berry\touch_berry.exe 2015-06-23 03:58:27.390 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\uni7doc\uni7doc.exe 2015-06-23 03:58:53.109 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\TAS\Walker\Walker.exe 2015-06-23 03:59:19.156 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\vod1\vod1.exe 2015-06-23 03:59:44.812 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\vod2\vod2.exe 2015-06-23 04:00:11.203 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\vod3\vod3.exe 2015-06-23 04:00:36.437 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\vod4\vod4.exe 2015-06-23 04:01:01.328 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\Vodafone.exe 2015-06-23 04:01:28.203 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\voda_2005\voda_2005.exe 2015-06-23 04:01:55.171 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\My Documents\Vodafone\voda_no\voda_no.exe 2015-06-23 04:02:29.343 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Start Menu\Programs\Startup\Empty.pif 2015-06-23 04:02:54.484 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\ferrara\Templates\WowTumpeh.com 2015-06-23 04:03:20.062 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Local Settings\Application Data\csrss.exe 2015-06-23 04:03:45.171 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Local Settings\Application Data\inetinfo.exe 2015-06-23 04:04:14.562 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Local Settings\Application Data\lsass.exe 2015-06-23 04:04:39.421 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Local Settings\Application Data\services.exe 2015-06-23 04:05:04.656 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe 2015-06-23 04:05:04.656 >>> Virus 'W32/Brontok-BZ' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus 2015-06-23 04:05:04.671 >>> Virus 'W32/Brontok-BZ' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus 2015-06-23 04:05:29.781 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Local Settings\Application Data\winlogon.exe 2015-06-23 04:05:56.781 >>> Virus 'W32/Brontok-BZ' found in file C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif 2015-06-23 04:06:22.203 >>> Virus 'W32/Brontok-BZ' found in file C:\Empty.pif 2015-06-23 04:06:23.250 Could not open C:\hiberfil.sys 2015-06-23 04:37:42.093 >>> Virus 'W32/Brontok-BZ' found in file C:\RECYCLER\S-1-5-21-1552357735-3479602463-1512363160-1008\Dc11.scr 2015-06-23 04:38:07.578 >>> Virus 'W32/Brontok-BZ' found in file C:\RECYCLER\S-1-5-21-1552357735-3479602463-1512363160-1008\Dc12.scr 2015-06-23 04:38:32.859 >>> Virus 'W32/Brontok-BZ' found in file C:\RECYCLER\S-1-5-21-1552357735-3479602463-1512363160-1008\Dc16.pif 2015-06-23 04:43:20.156 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000005.exe 2015-06-23 04:43:45.515 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000006.exe 2015-06-23 04:44:11.296 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000007.exe 2015-06-23 04:44:37.031 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000009.exe 2015-06-23 04:45:03.234 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000010.exe 2015-06-23 04:45:32.531 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000012.exe 2015-06-23 04:45:58.015 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000014.pif 2015-06-23 04:46:22.593 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000015.com 2015-06-23 04:46:48.234 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP1\A0000016.scr 2015-06-23 04:47:14.296 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000023.exe 2015-06-23 04:47:39.281 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000024.exe 2015-06-23 04:48:04.078 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000025.exe 2015-06-23 04:48:28.937 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000026.exe 2015-06-23 04:49:44.187 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000039.exe 2015-06-23 04:50:10.218 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000040.exe 2015-06-23 04:50:37.593 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000041.exe 2015-06-23 04:51:03.593 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000042.exe 2015-06-23 04:51:29.546 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000043.exe 2015-06-23 04:51:58.000 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000044.exe 2015-06-23 04:52:23.843 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000045.exe 2015-06-23 04:52:50.062 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000046.pif 2015-06-23 04:53:15.859 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000047.com 2015-06-23 04:53:42.171 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000048.scr 2015-06-23 04:54:08.953 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000049.exe 2015-06-23 04:54:35.109 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000052.exe 2015-06-23 04:55:01.125 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000053.exe 2015-06-23 04:55:29.656 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000054.exe 2015-06-23 04:55:54.812 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000055.exe 2015-06-23 04:56:19.828 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000056.exe 2015-06-23 04:56:44.890 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000057.pif 2015-06-23 04:57:10.703 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000059.com 2015-06-23 04:57:35.890 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000060.scr 2015-06-23 04:58:01.250 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000073.exe 2015-06-23 04:58:26.203 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000074.exe 2015-06-23 04:58:52.515 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000075.exe 2015-06-23 04:59:19.578 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000076.exe 2015-06-23 04:59:48.843 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000077.exe 2015-06-23 05:00:13.562 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000078.exe 2015-06-23 05:00:40.031 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000080.exe 2015-06-23 05:01:05.812 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000081.exe 2015-06-23 05:01:31.500 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000083.pif 2015-06-23 05:01:56.093 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000084.com 2015-06-23 05:02:20.953 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000085.scr 2015-06-23 05:02:46.375 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000101.exe 2015-06-23 05:03:11.984 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000117.exe 2015-06-23 05:03:37.656 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000118.exe 2015-06-23 05:04:03.921 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000119.exe 2015-06-23 05:04:29.609 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000120.com 2015-06-23 05:04:56.453 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000121.scr 2015-06-23 05:05:22.750 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000135.pif 2015-06-23 05:05:49.156 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000136.scr 2015-06-23 05:06:16.218 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000142.exe 2015-06-23 05:06:43.937 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000143.exe 2015-06-23 05:07:09.031 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000144.exe 2015-06-23 05:07:34.187 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000145.exe 2015-06-23 05:07:59.078 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000146.exe 2015-06-23 05:08:23.781 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000147.pif 2015-06-23 05:08:49.546 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP2\A0000148.com 2015-06-23 05:09:15.921 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000149.exe 2015-06-23 05:09:41.140 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000150.exe 2015-06-23 05:10:06.078 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000151.exe 2015-06-23 05:10:31.078 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000152.exe 2015-06-23 05:10:56.968 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000153.exe 2015-06-23 05:11:24.234 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000160.exe 2015-06-23 05:11:50.234 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000161.exe 2015-06-23 05:12:17.171 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000162.exe 2015-06-23 05:12:43.046 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000164.pif 2015-06-23 05:13:09.093 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000165.com 2015-06-23 05:13:35.234 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000166.scr 2015-06-23 05:14:02.000 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000168.exe 2015-06-23 05:14:31.765 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000182.exe 2015-06-23 05:14:56.671 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000183.exe 2015-06-23 05:15:22.640 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000184.exe 2015-06-23 05:15:48.187 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000185.exe 2015-06-23 05:16:12.984 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000186.exe 2015-06-23 05:16:37.906 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000187.exe 2015-06-23 05:17:02.578 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000188.pif 2015-06-23 05:17:27.437 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000189.com 2015-06-23 05:17:52.203 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0000190.scr 2015-06-23 05:18:17.312 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002167.exe 2015-06-23 05:18:42.078 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002168.exe 2015-06-23 05:19:07.828 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002175.exe 2015-06-23 05:19:32.515 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002176.exe 2015-06-23 05:19:57.421 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002177.exe 2015-06-23 05:20:22.265 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002178.exe 2015-06-23 05:20:46.937 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002179.exe 2015-06-23 05:21:11.765 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002180.exe 2015-06-23 05:21:36.750 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002181.exe 2015-06-23 05:22:01.625 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002182.exe 2015-06-23 05:22:27.000 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002184.pif 2015-06-23 05:22:51.703 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0002185.com 2015-06-23 05:23:16.546 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003188.exe 2015-06-23 05:23:41.250 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003189.exe 2015-06-23 05:24:06.453 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003190.exe 2015-06-23 05:24:31.687 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003191.exe 2015-06-23 05:24:56.468 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003192.exe 2015-06-23 05:25:21.265 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003193.exe 2015-06-23 05:25:46.031 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003194.exe 2015-06-23 05:26:11.000 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003195.exe 2015-06-23 05:26:36.546 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003200.pif 2015-06-23 05:27:02.171 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003201.com 2015-06-23 05:27:27.140 >>> Virus 'W32/Brontok-BZ' found in file C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP3\A0003203.scr 2015-06-23 05:59:45.328 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\eksplorasi.exe 2015-06-23 05:59:45.359 >>> Virus 'W32/Brontok-BZ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell 2015-06-23 06:17:50.343 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\ShellNew\bronstab.exe 2015-06-23 06:17:50.343 >>> Virus 'W32/Brontok-BZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus 2015-06-23 06:19:35.734 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\system32\anne schendel's Setting.scr 2015-06-23 06:21:59.765 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\system32\drivers\etc\hosts-Denied By-System.com 2015-06-23 06:23:20.812 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\system32\ferrara's Setting.scr 2015-06-23 06:27:24.625 >>> Virus 'W32/Brontok-BZ' found in file C:\WINDOWS\system32\System's Setting.scr 2015-06-23 06:29:07.093 >>> Virus 'W32/Brontok-BZ' found in file C:\WowTumpeh.com 2015-06-23 06:29:27.640 >>> Virus 'W32/Brontok-BZ' found in file E:\from_bberry\camera\camera.exe 2015-06-23 06:29:47.656 >>> Virus 'W32/Brontok-BZ' found in file E:\from_bberry\photos\Halloween\Halloween.exe 2015-06-23 06:30:05.187 >>> Virus 'W32/Brontok-BZ' found in file E:\from_bberry\photos\Stuff\Stuff.exe 2015-06-23 06:30:23.000 >>> Virus 'W32/Brontok-BZ' found in file E:\from_bberry\photos\Kitties\Kitties.exe 2015-06-23 06:30:40.468 >>> Virus 'W32/Brontok-BZ' found in file E:\from_bberry\photos\photos.exe 2015-06-23 06:30:57.718 >>> Virus 'W32/Brontok-BZ' found in file E:\from_bberry\downloads\downloads.exe 2015-06-23 06:31:13.687 >>> Virus 'W32/Brontok-BZ' found in file E:\to_print\to_print.exe 2015-06-23 06:31:29.937 >>> Virus 'W32/Brontok-BZ' found in file E:\TESTPIX\TESTPIX.exe 2015-06-23 06:31:47.484 >>> Virus 'W32/Brontok-BZ' found in file E:\forJan13\forJan13.exe 2015-06-23 06:32:07.093 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\music\music.exe 2015-06-23 06:32:32.609 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\Hdays_2013\Hdays_2013.exe 2015-06-23 06:32:50.078 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\Grumpy\Grumpy.exe 2015-06-23 06:33:09.062 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\Peanuts\Peanuts.exe 2015-06-23 06:33:26.421 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\Halloween\Halloween.exe 2015-06-23 06:33:43.718 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\Stuff\Stuff.exe 2015-06-23 06:34:02.031 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\Kitties\Kitties.exe 2015-06-23 06:34:20.531 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\photos\photos.exe 2015-06-23 06:34:45.187 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\camera\camera.exe 2015-06-23 06:35:04.500 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\downloads\downloads.exe 2015-06-23 06:35:22.968 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\documents\.legal\.legal`.exe 2015-06-23 06:35:40.343 >>> Virus 'W32/Brontok-BZ' found in file E:\xfer_bberry\documents\documents.exe 2015-06-23 06:35:57.484 >>> Virus 'W32/Brontok-BZ' found in file E:\a2015\a2015.exe 2015-06-23 06:36:15.078 >>> Virus 'W32/Brontok-BZ' found in file E:\Data FERRARA.exe 2015-06-23 06:36:31.562 >>> Virus 'W32/Brontok-BZ' found in file E:\Data SYSTEM.exe 2015-06-23 06:36:48.218 >>> Virus 'W32/Brontok-BZ' found in file E:\Data ANNE SCHENDEL.exe 2015-06-23 06:36:49.171 The following items will be cleaned up: 2015-06-23 06:36:49.171 Troj/Kovter-M 2015-06-23 06:36:49.171 Troj/Agent-ALRO 2015-06-23 06:36:49.171 W32/Brontok-BZ 2015-06-23 06:36:49.171 Troj/Wonton-PF 2015-06-23 06:36:49.171 Mal/ExpJS-BS 2015-06-23 06:37:57.656 Threat 'Troj/Kovter-M' was not cleaned up. (error 0xa0040208) 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ff8" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ff8" has been cleaned up. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:0000029c" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:0000029c" has been cleaned up. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000bb8" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000bb8" has been cleaned up. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d98" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d98" has been cleaned up. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:000009c0" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:000009c0" has been cleaned up. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ac4" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Process "C:\WINDOWS\system32\svchost.exe:pid:00000ac4" has been cleaned up. 2015-06-23 06:37:57.656 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{165bd50a-2e1f-8237-1f37-9bbe817854ac}" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{165bd50a-2e1f-8237-1f37-9bbe817854ac}" has been cleaned up. 2015-06-23 06:37:57.656 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{165bd50a-2e1f-8237-1f37-9bbe817854ac}" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.656 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{165bd50a-2e1f-8237-1f37-9bbe817854ac}" has been cleaned up. 2015-06-23 06:37:57.687 File "C:\Documents and Settings\All Users\Application Data\Microsoft\{165bd50a-2e1f-8237-1f37-9bbe817854ac}\{165bd50a-2e1f-8237-1f37-9bbe817854ac}.exe" belongs to 'Troj/Kovter-M'. 2015-06-23 06:37:57.765 File "C:\Documents and Settings\All Users\Application Data\Microsoft\{165bd50a-2e1f-8237-1f37-9bbe817854ac}\{165bd50a-2e1f-8237-1f37-9bbe817854ac}.exe" was not cleaned up. (32: The process cannot access the file because it is being used by another process.) 2015-06-23 06:37:57.812 File checksum: MD5=95c908c21c32d9891bc5aaff22032f51, SHA-1=e029b524aeff17e98226c10dee59f1a7cb142c4c 2015-06-23 06:37:57.812 Removal failed 2015-06-23 06:38:40.156 Threat 'Troj/Agent-ALRO' was not cleaned up. (error 0xa0040208) 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:000008c8" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:000008c8" has been cleaned up. 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:00000dc0" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:00000dc0" has been cleaned up. 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d34" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:00000d34" has been cleaned up. 2015-06-23 06:38:40.156 Process "C:\WINDOWS\system32\svchost.exe:pid:00000e34" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.187 Process "C:\WINDOWS\system32\svchost.exe:pid:00000e34" has been cleaned up. 2015-06-23 06:38:40.187 Process "C:\WINDOWS\system32\svchost.exe:pid:00000394" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.187 Process "C:\WINDOWS\system32\svchost.exe:pid:00000394" has been cleaned up. 2015-06-23 06:38:40.187 Process "C:\WINDOWS\system32\svchost.exe:pid:00000cd4" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.187 Process "C:\WINDOWS\system32\svchost.exe:pid:00000cd4" has been cleaned up. 2015-06-23 06:38:40.187 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.187 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}" has been cleaned up. 2015-06-23 06:38:40.187 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.187 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}" has been cleaned up. 2015-06-23 06:38:40.187 File "C:\Documents and Settings\All Users\Application Data\Microsoft\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}.exe" belongs to 'Troj/Agent-ALRO'. 2015-06-23 06:38:40.187 File "C:\Documents and Settings\All Users\Application Data\Microsoft\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}\{910dd9b1-cff8-1a0d-e3b8-81e48a9014bd}.exe" was not cleaned up. (32: The process cannot access the file because it is being used by another process.) 2015-06-23 06:38:40.187 File checksum: MD5=70d906924e1337af1dd2cbf6dd5a2c1c, SHA-1=337d666e42b096e568d19a7fa07e72e21673c82a 2015-06-23 06:38:40.187 Removal failed 2015-06-23 07:49:10.687 Warning: failed to stop service (230: The pipe state is invalid.) 2015-06-23 07:49:12.125 Error: scan service had to be terminated