how-to block ads
|
bcastner
Premium,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
| reply to fjr1966
Re: HJT LOG - PC sends out massive random emails, locks up!
Service Pack 3 for XP was just released, and will be available for dowload and through Windows Update next week. Please install this through a direct download when available. The main Security Forum page will not when this happens. If you have any problems installing SP3, start a new topic here. I helped over 1200 people install SP2 through Forum assistance, and not one of them was unable to do so with assistance. Your computer was massively infected, and a lot of this would have been avoided with SP2 installed.
What is the status of your Norton installation? Is this a new installation? You show a great deal of recent file updates. Please advise if your subscription is current, and that Norton is updated and working properly.
1. Right-click on the header of the Code box below, where on the right side it says: "Copy to clipboard":
Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .
• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
•!• A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
2. Kaspersky Online Scanner
Go Here --- »www.kaspersky.co.uk/virusscanner
Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then take a long walk! Do not use the computer until the scan is finished.
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
3. Use the Norton Live Update feature and make sure you are current on definitions.
Boot to Safe Mode and scan your computer as thoroughly as Norton permits.
Post back to the Forum the results of C:\Combofix.txt, and the Kaspersky scan results.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
| |
fjr1966
join:2008-04-24
Dublin, OH
| Results of Combofix and the Kaspersky scan are below. I will attempt the SP3 update as soon as possible and time allowed. If I have any problems with the update, I will be sure to start a new topic thread for help. Norton AV was recently reinstalled. It would not update and showed “error” in the email scanning section all the time. Norton AV online help desk had me do a reinstall. However, I now see that although the Norton AV live update, even after the reinstall, said it was current, actually, when paging through the definitions, was woefully out-of-date. After we performed all of the steps prescribed on this forum, I ran a manual install, from Norton AV’s website and the definitions are, in fact, now completely up-to-date. I ran Norton AV again and it found a number of viruses previously not detected. (I run Norton AV every week for a full scan and it remains resident so as to detect any real-time viral events and fix and/or quarantine them.) I am sure this was due to the fact that my best educated guess is that the Norton AV definitions were more than 6 months outdated. I am also fairly confident, with your help, we have eradicated and cured most of the ailments my PC was afflicted with, and the original problem I posted about has ceased to resurface. I await any further instructions after you view the logs from the latest scans. Thank you.
COMBOFIX LOG
*******************************
ComboFix 08-04-22.5 - FRANK 2008-04-25 16:10:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.285 [GMT -4:00]
Running from: C:\Documents and Settings\FRANK\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\FRANK\Desktop\CFscript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\asferrorq.dll
C:\windows\SYSTEM32\BLACKBOXL.DLL
C:\windows\SYSTEM32\cfgmgr32f.dll
C:\windows\SYSTEM32\CFGMGR32F.DLL
C:\windows\SYSTEM32\COMPATUIP.DLL
C:\windows\SYSTEM32\KBDPOV.DLL
C:\WINDOWS\system32\syfowhie.tmp
C:\WINDOWS\wininit.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\asferrorq.dll
C:\windows\SYSTEM32\cfgmgr32f.dll
C:\WINDOWS\system32\syfowhie.tmp
C:\WINDOWS\wininit.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-25 00:25 . 2008-04-25 00:25 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 00:25 . 2008-04-25 00:25 d-------- C:\Documents and Settings\FRANK\Application Data\Malwarebytes
2008-04-25 00:25 . 2008-04-25 00:25 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 16:06 . 2008-04-25 07:13 d-------- C:\Program Files\Spyware Doctor
2008-04-24 16:06 . 2008-04-24 16:06 d-------- C:\Documents and Settings\FRANK\Application Data\PC Tools
2008-04-24 16:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-24 16:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-24 16:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-24 16:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-24 14:49 . 2008-04-24 15:55 d-------- C:\Program Files\EsetOnlineScanner
2008-04-24 07:28 . 2008-04-24 07:28 d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 06:53 . 2008-04-24 06:53 d-------- C:\Program Files\SymNetDrv
2008-04-24 06:52 . 2005-07-29 09:56 124,168 --a------ C:\WINDOWS\system32\SymStore.dll
2008-04-24 06:49 . 2008-04-24 06:50 d-------- C:\Program Files\Norton AntiVirus
2008-04-24 06:49 . 2008-04-24 06:49 d-------- C:\Documents and Settings\FRANK\Application Data\Symantec
2008-04-24 06:49 . 2002-02-26 10:40 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-04-24 06:49 . 2002-02-26 10:40 58,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-24 06:49 . 2002-02-26 10:40 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-24 06:12 . 2008-04-24 06:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 06:08 . 2008-04-24 06:53 d-------- C:\Program Files\Symantec
2008-04-24 06:08 . 2008-04-24 06:55 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-24 06:08 . 2008-04-24 06:50 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 05:25 . 2002-02-26 10:40 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-04-24 04:45 . 2008-04-25 17:03 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 08:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-23 17:15 --------- d-----w C:\Documents and Settings\FRANK\Application Data\uTorrent
2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-09-28 18:40 57,760 ----a-w C:\Documents and Settings\FRANK\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-04-25_ 0.17.47.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 04:10:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 20:13:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-24 07:37:19 41,708 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-25 04:13:47 41,708 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-24 07:37:19 314,710 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-25 04:13:47 314,710 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08 1511453]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 03:11 16384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-30 13:50 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"nwiz"="nwiz.exe" [2004-03-24 10:04 782336 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04 46080]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04 3309568]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 12:39 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 01:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 17:59 374688]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2002-02-27 11:27 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-24 06:53 95960]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-25 03:11:09 169472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
"vidc.xvid"= xvid.dll
"VIDC.I263"= i263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7il]
C:\WINDOWS\system32\7il.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoProp]
--------- 2001-07-16 07:50 36864 C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\regprop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--------- 2006-07-11 06:06 3144800 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
C:\WINDOWS\9129837.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--------- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe
R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [1998-11-27 23:57]
R3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\System32\DRIVERS\p35u.sys [2001-09-24 12:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 10:50:56 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-04-25 17:02:32
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2008-04-25 17:14:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 21:14:02
ComboFix2.txt 2008-04-25 04:18:52
Pre-Run: 66,407,792,640 bytes free
Post-Run: 66,450,685,952 bytes free
155
KASPERSKY REPORT
*************************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 25, 2008 6:55:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/04/2008
Kaspersky Anti-Virus database records: 725571
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 88522
Number of viruses found: 5
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:19:48
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\FRANK\Application Data\Sun\Java\Deployment\cache\6.0\41\14123b69-28de183b Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\FRANK\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\History\History.IE5\MSHist012008042520080426\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\FRANK\ntuser.dat Object is locked skipped
C:\Documents and Settings\FRANK\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\storydb.idx Object is locked skipped
C:\Program Files\Messenger\kygeta.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe RarSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Windows NT\hodyrugo.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\QooBox\Quarantine\catchme2008-04-25_ 00911.26.zip/RKWR64.sys Infected: Rootkit.Win32.Agent.aih skipped
C:\QooBox\Quarantine\catchme2008-04-25_ 00911.26.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP13\A0000032.dll Infected: Trojan-Spy.Win32.Agent.bzy skipped
C:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe RarSFX: infected - 4 skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
G:\SYSTEM TOOLS\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\SYSTEM TOOLS\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\SYSTEM TOOLS\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\SYSTEM TOOLS\keyfinder.exe RarSFX: infected - 3 skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe RarSFX: infected - 4 skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
H:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
Scan process completed. | |
|
