[Not curable - Virut] I cannot access microsoft and antivirus websites.


35 replies to this topic

#21 Broni

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 12:45 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 08 September 2011 - 05:25 AM

I'm going to bed, but if you still have time....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#22 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

    Member

  • 45 posts
  • Joined: September 07, 2011
  • 3 topics
  • Age: 16
  • Local time: 01:15 PM
  • Zodiac:Scorpio
  • Gender:Male
  • Location:India
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 11h 40m 41s

Posted 08 September 2011 - 05:29 AM

Okay

#23 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 08 September 2011 - 06:29 AM

Hey, I downloaded Combofix, installed and ran it, and when the scanning was done it showed me this error:
"!! ALERT !! It is not safe to continue!
The contents of combofix has been compromised.
Please download a fresh copy from:
http://www.bleepingc...to-use-combofix
Note:You may be infected with a file patching virus 'virut'"

#24 Broni Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 08 September 2011 - 11:51 PM

I'm afraid I have very bad news.

You are infected with a polymorphic file infector (Virut). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.

#25 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 02:02 AM

I have downloaded a tool which removes Virut. Can I run the program?

#26 Broni Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 02:05 AM

If you read my reply, it clearly says that you can't heal a Virut infection.
Unfortunately....
All tools claiming that they're able to remove a Virut infection are either false advertisement, or just a scam.

#27 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 02:11 AM

This is really the worst

#28 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 02:15 AM

And btw I am not gonna format my drives because there are a lot of games, so you close my topic, and if I get an easy way to remove Virut I will tell you to re-open this topic

#29 Broni Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 02:28 AM

We don't close topics here.

#30 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 07:04 AM

Hey Broni, I ran Combofix and here's the log:
ComboFix 11-09-08.01 - Hackingwite 09/09/2011 12:13:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.711 [GMT 5.5:30]
Running from: c:\documents and settings\Hackingwite.AKATSUKI-2F87D9\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Application Data\updates
c:\documents and settings\admin\WINDOWS
c:\documents and settings\Ajay\Application Data\updates
c:\documents and settings\Hackingwite.AKATSUKI-2F87D9\Application Data\updates
c:\documents and settings\Hackingwite\Application Data\updates
c:\documents and settings\NetworkService.NT AUTHORITY.000\Application Data\desktop.ini
c:\program files\Internet Explorer\SET6DC.tmp
c:\program files\RegGenie
c:\program files\RegGenie\Backups\37987.0018952546
c:\program files\RegGenie\Backups\37987.0024786574
c:\program files\RegGenie\Backups\37987.0057213889
c:\program files\RegGenie\Backups\37987.0061727778
c:\program files\RegGenie\Backups\37987.0074312731
c:\program files\RegGenie\Backups\37987.0081004051
c:\program files\RegGenie\Backups\37987.0121504167
c:\program files\RegGenie\Backups\37987.0171590972
c:\program files\RegGenie\Backups\37987.0192928935
c:\program files\RegGenie\Backups\37987.0205501273
c:\program files\RegGenie\Backups\37987.0268565509
c:\program files\RegGenie\Backups\37987.0390096875
c:\program files\RegGenie\Backups\37987.0466596065
c:\program files\RegGenie\Backups\37987.0644871181
c:\program files\RegGenie\Backups\37987.096116169
c:\program files\RegGenie\Backups\37987.1176772222
c:\program files\RegGenie\Backups\37987.1759723958
c:\program files\RegGenie\Backups\39083.0113235995
c:\program files\RegGenie\IgnoredKeys.ini
c:\program files\RegGenie\IgnoredValues.ini
c:\program files\RegGenie\Logs\Scan on 1-1-2004 1-07-08 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 1-32-10 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-02-40 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-03-33 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-07-46 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-08-30 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-09-21 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-10-33 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-16-40 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-24-38 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-29-27 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-38-35 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 12-55-59 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 2-18-21 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 2-49-14 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2004 4-13-19 AM.txt
c:\program files\RegGenie\Logs\Scan on 1-1-2007 12-16-15 AM.txt
c:\program files\RegGenie\RegGenie.bim
c:\program files\RegGenie\RegGenie.bin
c:\program files\RegGenie\RegGenie.exe
c:\program files\RegGenie\RegGenie.ini
c:\program files\RegGenie\RegGenieOnReboot.exe
c:\program files\RegGenie\RegGenieOnRebootExpired.exe
c:\program files\RegGenie\RegGenieScheduler.exe
c:\program files\RegGenie\unins000.dat
c:\program files\RegGenie\unins000.exe
c:\program files\RegGenie\unins000.msg
c:\program files\Toolbar
c:\program files\Toolbar\3d_large_3.bmp
c:\program files\Toolbar\3d_largeHot_3.bmp
c:\program files\Toolbar\3d_small_3.bmp
c:\program files\Toolbar\3d_smallHot_3.bmp
c:\program files\Toolbar\3d_style_3.tbi
c:\windows\system32\drivers\78.exe
c:\windows\system32\drivers\937.exe
c:\windows\system32\mui\0816\lsaetsrv.dll
c:\windows\system32\qutbvfnvs0ktmky4n0q5.dll
c:\windows\TEMP\B8.tmp
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\explorer.exe
.
Infected copy of c:\windows\system32\cmd.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\cmd.exe
.
Infected copy of c:\windows\system32\expand.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\expand.exe
.
Infected copy of c:\windows\system32\findstr.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\findstr.exe
.
Infected copy of c:\windows\system32\freecell.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\freecell.exe
.
Infected copy of c:\windows\system32\magnify.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\magnify.exe
.
Infected copy of c:\windows\system32\mobsync.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mobsync.exe
.
Infected copy of c:\windows\system32\mshearts.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mshearts.exe
.
Infected copy of c:\windows\system32\narrator.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\narrator.exe
.
Infected copy of c:\windows\system32\net.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\net.exe
.
Infected copy of c:\windows\system32\net1.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\net1.exe
.
Infected copy of c:\windows\system32\netsh.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\netsh.exe
.
Infected copy of c:\windows\system32\notepad.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\notepad.exe
.
Infected copy of c:\windows\system32\osk.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\osk.exe
.
Infected copy of c:\windows\system32\route.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\route.exe
.
Infected copy of c:\windows\system32\rundll32.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\rundll32.exe
.
Infected copy of c:\windows\system32\sc.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sc.exe
.
Infected copy of c:\windows\system32\sol.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sol.exe
.
Infected copy of c:\windows\system32\sort.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sort.exe
.
Infected copy of c:\windows\system32\spider.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\spider.exe
.
Infected copy of c:\windows\system32\taskmgr.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\taskmgr.exe
.
Infected copy of c:\windows\system32\utilman.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\utilman.exe
.
Infected copy of c:\windows\system32\winmine.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winmine.exe
.
Infected copy of c:\windows\system32\wscntfy.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wscntfy.exe
.
Infected copy of c:\windows\system32\wupdmgr.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wupdmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2003-11-28 to 2003-12-31 )))))))))))))))))))))))))))))))
.
.
2011-09-09 01:29 . 2011-09-09 01:29 119808 --sh--w- C:\lsauplsa.dll
2011-09-09 01:08 . 2011-09-09 01:09 48984326 ----a-w- C:\35sp1.exe
2011-09-07 00:22 . 2011-09-07 00:22 -------- d-----w- C:\icytower1.5
2011-08-26 09:28 . 2011-09-06 00:21 -------- d-----w- C:\Evil
2011-07-12 07:01 . 2011-07-12 06:43 42887800 ----a-w- C:\Nokia_PC_Suite_eng_web.exe
2011-04-05 23:34 . 2011-09-04 18:43 -------- d-----w- C:\Ssd
2011-04-05 17:55 . 2011-04-05 17:55 -------- d-----w- C:\Virtuald DJ setup
2011-03-27 02:34 . 2004-01-01 00:07 -------- d-----w- C:\Video
2011-03-23 18:36 . 2003-12-31 18:32 -------- d-----w- C:\Intel
2011-03-23 18:25 . 2003-12-31 19:06 -------- d-----r- C:\MSOCache
2008-01-21 02:43 . 2008-01-21 02:43 -------- d-----w- C:\PerfLogs
2006-11-02 12:59 . 2006-11-02 12:59 -------- d-----we C:\Documents and Settings
2006-11-02 11:18 . 2003-12-31 19:09 -------- d-----w- C:\ProgramData
2006-11-02 11:18 . 2003-12-31 18:33 -------- d-----r- C:\Users
2004-01-01 09:34 . 2004-01-01 09:34 268435456 --sha-w- C:\WinPEpge.sys
2004-01-01 08:34 . 2003-12-31 19:41 -------- d-----w- C:\sankya
2004-01-01 08:16 . 2004-01-01 08:10 -------- d-----w- C:\OutputFolder
2004-01-01 08:12 . 2011-09-07 21:45 1350 ----a-w- C:\sdfeww.bat
2004-01-01 08:05 . 2011-09-05 22:02 1214800 ----a-w- C:\RegCure 1.5.0.0 Trial.exe
2004-01-01 08:05 . 2003-12-31 18:30 -------- d-----w- C:\CRACK
2004-01-01 08:05 . 2011-09-05 21:46 2262789 ----a-w- C:\RegCure.exe
2004-01-01 07:00 . 2004-01-01 07:00 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-08-03 22:56 . 2011-09-09 06:13 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2004-08-03 22:56 . 2011-09-09 06:13 158208 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2004-08-03 22:56 . 2011-09-09 06:13 18944 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2004-08-03 22:56 . 2011-09-09 06:13 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2004-08-03 22:56 . 2011-09-09 06:13 768512 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2004-08-03 22:56 . 2004-08-03 22:56 279040 ----a-w- c:\windows\help\tshoot.dll
2004-08-03 22:56 . 2011-09-09 06:13 725566 ----a-w- c:\windows\srchasst\srchui.dll
2004-08-03 22:56 . 2011-09-09 06:13 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2004-08-03 22:56 . 2011-09-09 06:13 38912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2004-08-03 22:56 . 2011-09-09 06:13 102400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2004-08-03 22:56 . 2004-08-03 22:56 34816 ----a-w- c:\windows\help\sniffpol.dll
2004-08-03 22:56 . 2004-08-03 22:56 33280 ----a-w- c:\windows\help\sstub.dll
2004-08-03 22:56 . 2011-09-09 06:13 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2004-08-03 22:56 . 2011-09-09 06:13 376320 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2004-08-03 22:56 . 2004-08-03 22:56 450048 ----a-w- c:\windows\apppatch\AcLayers.dll
2004-08-03 22:56 . 2004-08-03 22:56 244736 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2004-08-03 22:56 . 2004-08-03 22:56 1852416 ----a-w- c:\windows\apppatch\AcGenral.dll
2004-08-03 22:56 . 2004-08-03 22:56 137728 ----a-w- c:\windows\apppatch\AcLua.dll
2004-08-03 22:56 . 2004-08-03 22:56 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 . 79E3761C72A658986693D9342E0EDADD . 138752 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2004-08-03 . 25855A1846BEF40E8184556301164194 . 52224 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[7] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
.
.
[-] 2004-08-03 . AFA0CCC142CC304C7F56A4031AF41C6F . 120832 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
.
c:\windows\System32\ksuser.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-09-09 1500160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"System Intrusive"="\found.001\loglogms.dll" [2011-09-09 120832]
"4"="c:\documents and settings\Hackingwite.AKATSUKI-2F87D9\4.exe" [2011-09-09 42240]
"Microsoft Firewall 2.9"="c:\windows\system32\config\systemprofile\Application Data\WMPRWISE.EXE" [2011-09-09 132608]
"KB1013444.exe"="c:\documents and settings\Hackingwite.AKATSUKI-2F87D9\Application Data\KB1013444.exe" [2011-09-09 53248]
.
c:\documents and settings\Ajay\Start Menu\Programs\Startup\
4gww6ii.exe [2004-1-1 0]
avlhcc6oo.exe [2004-1-1 0]
ccxoojaa.exe [2004-1-1 0]
fwwrii0u.exe [2004-1-1 0]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,RunDll32 "c:\windows\system32\svclsa.dll",Init
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-System Intrusive - c:\windows\system32\mui\0816\lsaetsrv.dll
HKU-Default-Run-engel - c:\documents and settings\Hackingwite.AKATSUKI-2F87D9\Application Data\updates\updates.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-01 00:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2004-01-01 00:05:26 - machine was rebooted
ComboFix-quarantined-files.txt 2003-12-31 18:35
.
Pre-Run: 18,682,916,864 bytes free
Post-Run: 18,574,848,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" =optin /fastdetect
.
- - End Of File - - D53E5E2AE9EBE09045151F600A504737

#31 Broni Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 09 September 2011 - 11:31 PM

This is exactly what Virut does.
It belongs to the not curable file infector family of rootkits.
It attaches malicious code to a number of crucial system files.
As you can see from the Combofix log, a whole bunch of basic system files is reported as infected.
Combofix does the best it can do.
It tries to replace those files with different copies, but if you run Combofix again you'll see the same files being infected again.

As I said before, the only solution in this case is a full format and Windows reinstallation.
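
Added example, not part of the original posts and not ComboFix's own code: a Python script that reads the log sections discussed above (the "Infected copy of ..." pairs and the Sigcheck lines), compares live system files with their dllcache copies, and lists files reported infected in two runs. FIRST_RUN is excerpted from the log posted in this thread; SECOND_RUN and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits backslash paths correctly on any OS

# Excerpt copied from the ComboFix log posted in this thread (first run).
FIRST_RUN = r"""
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\explorer.exe
.
Infected copy of c:\windows\system32\cmd.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\cmd.exe
.
------- Sigcheck -------
[-] 2004-08-03 . 79E3761C72A658986693D9342E0EDADD . 138752 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2004-08-03 . 25855A1846BEF40E8184556301164194 . 52224 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[7] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
"""

# CONSTRUCTED second run (not from the thread): models the outcome described
# in the post above, where a repeat scan reports the same files again.
SECOND_RUN = r"""
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe
.
Infected copy of c:\windows\system32\cmd.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\cmd.exe
"""

INFECTED_RE = re.compile(
    r"^Infected copy of (?P<path>.+?) was found and disinfected\s*\n"
    r"Restored copy from - (?P<source>.+?)\s*$", re.M | re.I)
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-F]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]+)\] \. \. (?P<path>.+?)\s*$", re.M)


def parse_disinfected(log):
    """Map each file reported infected to the copy it was restored from."""
    return {m["path"].lower(): m["source"].lower()
            for m in INFECTED_RE.finditer(log)}


def parse_sigcheck(log):
    """Return one dict per Sigcheck line (flag, date, md5, size, version, path)."""
    return [dict(m.groupdict(), size=int(m["size"]), path=m["path"].lower())
            for m in SIGCHECK_RE.finditer(log)]


def live_vs_cache_mismatches(entries):
    """Pair each live file with its dllcache copy; report differing hashes.

    Returns (file name, live size minus cached size) for every mismatch.
    """
    by_name = defaultdict(dict)
    for e in entries:
        kind = "cache" if "\\dllcache\\" in e["path"] else "live"
        by_name[basename(e["path"])][kind] = e
    out = []
    for name, pair in sorted(by_name.items()):
        if {"live", "cache"} <= pair.keys() and pair["live"]["md5"] != pair["cache"]["md5"]:
            out.append((name, pair["live"]["size"] - pair["cache"]["size"]))
    return out


def reinfected(first_log, second_log):
    """Files reported infected in both runs, i.e. the restore did not hold."""
    first, second = parse_disinfected(first_log), parse_disinfected(second_log)
    return sorted(first.keys() & second.keys())


if __name__ == "__main__":
    for name, delta in live_vs_cache_mismatches(parse_sigcheck(FIRST_RUN)):
        print(f"{name}: live copy differs from dllcache copy by {delta} bytes")
    for path in reinfected(FIRST_RUN, SECOND_RUN):
        print(f"reported infected in both runs: {path}")
```

On the excerpt from the posted log, both live files differ from their dllcache copies by the same 27648 bytes while reporting the same version number.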

#32 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 10 September 2011 - 03:20 AM

Lol I am fed up

#33 Broni Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 10 September 2011 - 03:23 AM

Look. It's very simple. You can't do something that is not doable.
Unfortunately, end of the story.

#34 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 10 September 2011 - 04:52 PM

Yo Broni, I was using a tool named Advanced System Care and it removed all my viruses, and when I tried to access the Microsoft website it worked out
Thanks for your help anyway

#35 Broni Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 10 September 2011 - 06:59 PM

I can assure you your computer is still infected.

#36 Kakashi789 Re: [Not curable - Virut] I cannot access microsoft and antivirus websites.

Posted 11 September 2011 - 03:01 AM

Lol let it be. If anything happens I will directly format my drives




