
fjr1966

join:2008-04-24
Dublin, OH

reply to bcastner
Re: HJT LOG - PC sends out massive random emails, locks up!

Results of Combofix and the Kaspersky scan are below. I will attempt the SP3 update as soon as possible and time allowed. If I have any problems with the update, I will be sure to start a new topic thread for help. Norton AV was recently reinstalled. It would not update and showed “error” in the email scanning section all the time. Norton AV online help desk had me do a reinstall. However, I now see that although the Norton AV live update, even after the reinstall, said it was current, actually, when paging through the definitions, was woefully out-of-date. After we performed all of the steps prescribed on this forum, I ran a manual install, from Norton AV’s website and the definitions are, in fact, now completely up-to-date. I ran Norton AV again and it found a number of viruses previously not detected. (I run Norton AV every week for a full scan and it remains resident so as to detect any real-time viral events and fix and/or quarantine them.) I am sure this was due to the fact that my best educated guess is that the Norton AV definitions were more than 6 months outdated. I am also fairly confident, with your help, we have eradicated and cured most of the ailments my PC was afflicted with, and the original problem I posted about has ceased to resurface. I await any further instructions after you view the logs from the latest scans. Thank you.

COMBOFIX LOG
*******************************

ComboFix 08-04-22.5 - FRANK 2008-04-25 16:10:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.285 [GMT -4:00]
Running from: C:\Documents and Settings\FRANK\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\FRANK\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\asferrorq.dll
C:\windows\SYSTEM32\BLACKBOXL.DLL
C:\windows\SYSTEM32\cfgmgr32f.dll
C:\windows\SYSTEM32\CFGMGR32F.DLL
C:\windows\SYSTEM32\COMPATUIP.DLL
C:\windows\SYSTEM32\KBDPOV.DLL
C:\WINDOWS\system32\syfowhie.tmp
C:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\asferrorq.dll
C:\windows\SYSTEM32\cfgmgr32f.dll
C:\WINDOWS\system32\syfowhie.tmp
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-25 00:25 . 2008-04-25 00:25 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 00:25 . 2008-04-25 00:25 d-------- C:\Documents and Settings\FRANK\Application Data\Malwarebytes
2008-04-25 00:25 . 2008-04-25 00:25 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 16:06 . 2008-04-25 07:13 d-------- C:\Program Files\Spyware Doctor
2008-04-24 16:06 . 2008-04-24 16:06 d-------- C:\Documents and Settings\FRANK\Application Data\PC Tools
2008-04-24 16:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-24 16:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-24 16:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-24 16:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-24 14:49 . 2008-04-24 15:55 d-------- C:\Program Files\EsetOnlineScanner
2008-04-24 07:28 . 2008-04-24 07:28 d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 06:53 . 2008-04-24 06:53 d-------- C:\Program Files\SymNetDrv
2008-04-24 06:52 . 2005-07-29 09:56 124,168 --a------ C:\WINDOWS\system32\SymStore.dll
2008-04-24 06:49 . 2008-04-24 06:50 d-------- C:\Program Files\Norton AntiVirus
2008-04-24 06:49 . 2008-04-24 06:49 d-------- C:\Documents and Settings\FRANK\Application Data\Symantec
2008-04-24 06:49 . 2002-02-26 10:40 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-04-24 06:49 . 2002-02-26 10:40 58,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-24 06:49 . 2002-02-26 10:40 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-24 06:12 . 2008-04-24 06:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 06:08 . 2008-04-24 06:53 d-------- C:\Program Files\Symantec
2008-04-24 06:08 . 2008-04-24 06:55 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-24 06:08 . 2008-04-24 06:50 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 05:25 . 2002-02-26 10:40 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-04-24 04:45 . 2008-04-25 17:03 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 08:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-23 17:15 --------- d-----w C:\Documents and Settings\FRANK\Application Data\uTorrent
2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-09-28 18:40 57,760 ----a-w C:\Documents and Settings\FRANK\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-25_ 0.17.47.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 04:10:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 20:13:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-24 07:37:19 41,708 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-25 04:13:47 41,708 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-24 07:37:19 314,710 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-25 04:13:47 314,710 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08 1511453]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 03:11 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-30 13:50 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"nwiz"="nwiz.exe" [2004-03-24 10:04 782336 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04 46080]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04 3309568]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 12:39 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 01:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 17:59 374688]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2002-02-27 11:27 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-24 06:53 95960]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-25 03:11:09 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
"vidc.xvid"= xvid.dll
"VIDC.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7il]
C:\WINDOWS\system32\7il.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoProp]
--------- 2001-07-16 07:50 36864 C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\regprop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--------- 2006-07-11 06:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
C:\WINDOWS\9129837.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--------- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [1998-11-27 23:57]
R3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\System32\DRIVERS\p35u.sys [2001-09-24 12:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 10:50:56 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-04-25 17:02:32
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2008-04-25 17:14:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 21:14:02
ComboFix2.txt 2008-04-25 04:18:52

Pre-Run: 66,407,792,640 bytes free
Post-Run: 66,450,685,952 bytes free

155

KASPERSKY REPORT
*************************

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 25, 2008 6:55:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/04/2008
Kaspersky Anti-Virus database records: 725571
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 88522
Number of viruses found: 5
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:19:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\FRANK\Application Data\Sun\Java\Deployment\cache\6.0\41\14123b69-28de183b Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\FRANK\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\History\History.IE5\MSHist012008042520080426\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\FRANK\ntuser.dat Object is locked skipped
C:\Documents and Settings\FRANK\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\FRANK\Data\storydb.idx Object is locked skipped
C:\Program Files\Messenger\kygeta.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe RarSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AAF073F.exe Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Windows NT\hodyrugo.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\QooBox\Quarantine\catchme2008-04-25_ 00911.26.zip/RKWR64.sys Infected: Rootkit.Win32.Agent.aih skipped
C:\QooBox\Quarantine\catchme2008-04-25_ 00911.26.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP13\A0000032.dll Infected: Trojan-Spy.Win32.Agent.bzy skipped
C:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000150.exe RarSFX: infected - 4 skipped
D:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
G:\SYSTEM TOOLS\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\SYSTEM TOOLS\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\SYSTEM TOOLS\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\SYSTEM TOOLS\keyfinder.exe RarSFX: infected - 3 skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\A0000151.exe RarSFX: infected - 4 skipped
G:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped
H:\System Volume Information\_restore{DDC2EB08-1B46-4CD4-8582-F7D631FA6E0E}\RP14\change.log Object is locked skipped

Scan process completed.