
Security >> HijackThis logs help and analysis

Re: Probably hijacked
Posted by salmend (Posts: 64) on Mon May 26 2008 03:21 PM

ComboFix 08-05-24.1 - Jay Cutler 2008-05-26 1:38:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.565 [GMT -4:00]
Running from: C:\Documents and Settings\Jay Cutler\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jay Cutler\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\system32\lpcywinp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jpewocmz.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-08 23:33 . 2008-05-08 23:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-07 21:09 . 2008-05-07 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 19:16 . 2008-05-07 19:16 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\vlc
2008-05-07 18:59 . 2008-05-07 19:20 6,317 --ahs---- C:\WINDOWS\system32\klnTvyay.ini
2008-05-07 18:57 . 2008-05-07 18:57 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\dvdcss
2008-05-07 18:54 . 2008-05-07 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-05-07 18:40 . 2008-05-07 18:55 <DIR> d-------- C:\Program Files\VLC
2008-05-07 10:18 . 2008-05-23 17:36 1,258 --a------ C:\rollback.ini
2008-05-05 21:08 . 2008-05-07 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-05 21:07 . 2008-03-13 23:10 99,816 --a------ C:\WINDOWS\system32\~GLH0021.TMP
2008-05-05 20:30 . 2008-05-23 17:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-05 20:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-05 20:28 . 2008-05-25 12:58 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-05 20:28 . 2008-05-24 18:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-04 14:38 . 2008-05-04 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-04 14:36 . 2008-05-04 14:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-04-30 13:33 . 2008-04-30 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 13:51 . 2008-04-28 13:51 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-28 13:51 . 2008-04-28 13:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 13:50 . 2008-05-25 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Program Files\AVG
2008-04-28 13:50 . 2008-04-29 00:27 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\AVGTOOLBAR
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-28 13:50 . 2008-04-28 13:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 13:50 . 2008-04-28 13:50 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 02:49 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\uTorrent
2008-05-26 01:59 --------- d-----w C:\Program Files\Steam
2008-05-23 23:04 --------- d-----w C:\Program Files\CursorXP
2008-05-16 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 14:06 67,114 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_28_57_small.dmp.zip
2008-05-09 14:06 55,323 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_29_43_small.dmp.zip
2008-05-07 23:21 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7805.sys
2008-05-04 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 18:41 --------- d-----w C:\Program Files\AIM6
2008-04-18 23:05 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ahead
2008-04-18 22:48 --------- d-----w C:\Program Files\Nero
2008-04-18 22:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-18 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-18 22:29 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-18 22:28 --------- d-----w C:\Program Files\DVD Shrink
2008-04-18 16:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Viewpoint
2008-04-17 15:08 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\U3
2008-04-11 00:53 --------- d-----w C:\Program Files\DivX
2008-04-08 14:43 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ruckus Network
2008-04-08 07:18 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\goombah
2008-04-08 01:15 --------- d-----w C:\Program Files\Ruckus Player
2008-04-08 01:15 --------- d-----w C:\Program Files\Emergent Music LLC
2008-04-05 04:05 --------- d-----w C:\Program Files\Java
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 18:57 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\CyberLink
2008-03-29 18:53 --------- d-----w C:\Program Files\CyberLink
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-09 06:34 4,512 ----a-w C:\Program Files\pkey.txt
2007-11-04 21:21 2,045,024 ----a-w C:\Program Files\everest.exe
2006-03-20 20:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-25_13.57.04.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 17:50:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 05:12:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 05:00:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_108.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-28 13:50 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 16:50 331264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"P17Helper"="P17.dll" [2005-05-03 07:38 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 20:00 55368]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 03:14 185632]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 13:50 1177368]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Keygen.exe"="C:\WINDOWS\system32\TPSrv32.exe" [ ]

C:\Documents and Settings\Jay Cutler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-28 13:51]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 13:50]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-28 13:50]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-28 13:50]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-28 13:50]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fde2270-ad36-11dc-8f68-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a03ce2-0b1e-11dd-8f7c-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 01:40:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
Completion time: 2008-05-26 1:41:47
ComboFix-quarantined-files.txt 2008-05-26 05:41:25
ComboFix2.txt 2008-05-25 18:00:38
ComboFix3.txt 2008-05-12 15:22:56

Pre-Run: 201,362,407,424 bytes free
Post-Run: 201,352,540,160 bytes free

196 --- E O F --- 2008-05-23 21:22:03

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 10:19:14 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/05/2008
Kaspersky Anti-Virus database records: 800579
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 161452
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 04:49:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jay Cutler\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jay Cutler\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\history.dat Object is locked skipped
C:\Documents and Settings\Jay Cutler\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\key3.db Object is locked skipped
C:\Documents and Settings\Jay Cutler\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jay Cutler\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jay Cutler\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jay Cutler\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbsg2610.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Temp\~DF43A8.tmp Object is locked skipped
C:\Documents and Settings\Jay Cutler\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jay Cutler\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jay Cutler\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\afinding.exe.vir Infected: Trojan-Downloader.Win32.Delf.hki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Indt2.sys.vir Infected: Trojan.Win32.VB.cmi skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{895CC43D-6A52-4862-8480-24164727396E}\RP532\A0153339.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
C:\System Volume Information\_restore{895CC43D-6A52-4862-8480-24164727396E}\RP532\A0153339.exe/stream Infected: Trojan.Win32.VB.ami skipped
C:\System Volume Information\_restore{895CC43D-6A52-4862-8480-24164727396E}\RP532\A0153339.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{895CC43D-6A52-4862-8480-24164727396E}\RP532\A0153339.exe Crypt.Quarantine: infected - 2 skipped
C:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP309\A0040628.sys Infected: Trojan.Win32.VB.cof skipped
C:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP317\A0041685.sys Infected: Trojan.Win32.VB.cmi skipped
C:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP317\A0041689.exe Object is locked skipped
C:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP319\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{64EC37AB-D24C-4707-B9CE-A07CA2F02FCA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7805.sys Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\34593c53-bbaa-4329-a6de-9ed7afd5c772.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_108.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP319\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP319\change.log Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{D52B827B-3040-42B4-AC41-1B7FA91B24B0}\RP319\change.log Object is locked skipped

Scan process completed.

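The "Reg Loading Points" section of the ComboFix output above is the part a helper on this forum reads first: Run/RunServices values, AppInit_DLLs, firewall exceptions and MountPoints2 AutoRun commands. The script below is an added example, not code from the thread or from ComboFix, that parses an excerpt of that section (copied from the log above, trimmed) and applies the triage heuristics an analyst would apply by hand. Assumptions, labelled in the code: ComboFix's empty brackets `[ ]` are read as "no file found at the target path at scan time"; `sessmgr.exe` is treated as the benign XP SP2 Remote Assistance firewall default; the rule set itself is a starting point, not a verdict on any entry.

```python
"""Triage of a ComboFix 'Reg Loading Points' excerpt (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Excerpt copied from the ComboFix log in the post above (trimmed to the lines the rules touch).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 16:50 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 13:50 1177368]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Keygen.exe"="C:\WINDOWS\system32\TPSrv32.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fde2270-ad36-11dc-8f68-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe
'''

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]*)\]$')
# "name"="quoted target" [meta]   |   "name"=bare,value   |   "path"=   (firewall list)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"='
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\[\s][^\[]*?))?'
    r'\s*(?:\[(?P<meta>[^\]]*)\])?\s*$'
)
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# Assumption: default XP SP2 Remote Assistance exception, treated as benign here.
FIREWALL_ALLOWLIST = {'sessmgr.exe'}
RUN_KEY_SUFFIXES = ('\\run', '\\runonce', '\\runservices')


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    target: str
    reason: str


def basename(path: str) -> str:
    """Last path component, lower-cased; the firewall list doubles its backslashes."""
    return path.replace('\\\\', '\\').rsplit('\\', 1)[-1].lower()


def parse_loading_points(text: str) -> Iterator[Tuple[str, str, str, Optional[str]]]:
    """Yield (key, name, target, meta) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, 'AutoRun\\command', m.group('cmd'), None
            continue
        m = VALUE_RE.match(line)
        if m:
            quoted, bare = m.group('quoted'), m.group('bare')
            target = quoted if quoted is not None else (bare or '')
            yield key, m.group('name'), target, m.group('meta')


def triage(text: str) -> List[Finding]:
    """Apply hand-analysis heuristics to the parsed entries (assumptions noted inline)."""
    findings: List[Finding] = []
    for key, name, target, meta in parse_loading_points(text):
        lowkey = key.lower()
        if lowkey.endswith(RUN_KEY_SUFFIXES):
            if meta is not None and meta.strip() == '':
                # Assumption: empty brackets mean ComboFix found no file at the target.
                findings.append(Finding(key, name, target, 'autorun target empty or not found (empty brackets)'))
            if lowkey.endswith('\\runservices'):
                findings.append(Finding(key, name, target, 'RunServices is a Win9x-era key; legitimate XP software rarely uses it'))
            if name.lower().endswith('.exe') and target and basename(name) != basename(target):
                findings.append(Finding(key, name, target, 'value name and target binary disagree'))
        elif name.lower() == 'appinit_dlls' and target:
            for dll in target.split(','):
                findings.append(Finding(key, name, dll.strip(), 'AppInit_DLLs loads into every user-mode process; verify each DLL'))
        elif 'authorizedapplications' in lowkey:
            if 'system32' in name.lower() and basename(name) not in FIREWALL_ALLOWLIST:
                findings.append(Finding(key, name, target, 'firewall exception for a Windows system binary'))
        elif 'mountpoints2' in lowkey and name == 'AutoRun\\command':
            findings.append(Finding(key, name, target, 'removable-media AutoRun command; confirm the device is expected'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason}: {f.name} -> {f.target}')
```

Run against the excerpt, the script singles out the RunServices entry three times over (orphaned target, legacy key, and a value name that does not match the binary it points at), lists both AppInit_DLLs entries for publisher checks, flags `ftp.exe` in the firewall exception list, and reports the U3 AutoRun command for confirmation, while the AVG tray entry and the NetMeter entry pass. Empty-bracket entries for Winamp and Ad-Watch are reported too; on this machine they are more likely leftovers of uninstalls than malware, which is why the output is a worklist and not a verdict.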
Entire topic
Subject | Posted by | Posted on
Probably hijacked | salmend | Thu May 08 2008 02:17 AM
Re: Probably hijacked | Pancake | Fri May 09 2008 02:12 AM
Re: Probably hijacked | bricat (Moderator) | Fri May 23 2008 10:40 PM
Re: Probably hijacked | Pancake | Fri May 23 2008 10:58 PM
Re: Probably hijacked | salmend | Mon May 26 2008 02:58 AM
Re: Probably hijacked | Pancake | Mon May 26 2008 04:35 AM
Re: Probably hijacked | salmend | Mon May 26 2008 03:21 PM
Re: Probably hijacked | Pancake | Mon May 26 2008 11:55 PM
Re: Probably hijacked | salmend | Mon May 12 2008 04:40 PM
Re: Probably hijacked | salmend | Wed May 14 2008 05:18 PM

© Copyright IPC Media Limited, All rights reserved