Done
i just wanna ask y kaspersky (the program) don't show me that my PC is infected??
ok here's the log...
ComboFix 08-06-01.6 - win xp 06/08/2008 10:11:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.154 [GMT 3:00]
Running from: C:\Documents and Settings\win xp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\win xp\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\juok3st.bat
D:\DVDVideoSoft\Video ConverterVideoTools\sn avs video converter v5 6 multiple cracks.rar
D:\juok3st.bat
E:\juok3st.bat
E:\Programs\crack.exe
E:\Programs\Kaspersky Anti-virus 6.0.1.411.rar
E:\Programs\keygen.exe
F:\juok3st.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\juok3st.bat
C:\Program Files\AdVantage
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
C:\Program Files\AdVantage\AdVantage.db
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\AdVantage\AdVantage.htm
C:\Program Files\AdVantage\AdVantageupdate.exe
C:\Program Files\AdVantage\AdVUninst.exe
C:\Program Files\AdVantage\ffext.mod
C:\Program Files\AdVantage\user.db
D:\DVDVideoSoft\Video ConverterVideoTools\sn avs video converter v5 6 multiple cracks.rar
D:\juok3st.bat
E:\juok3st.bat
E:\Programs\crack.exe
E:\Programs\Kaspersky Anti-virus 6.0.1.411.rar
E:\Programs\keygen.exe
F:\juok3st.bat
.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 07:20 3,971,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-08 07:20 10,272 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-08 07:19 54,212 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-08 07:19 1,964 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-08 07:17 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-08 07:15 --------- d-----w C:\Documents and Settings\win xp\Application Data\uTorrent
2008-06-08 07:13 --------- d-----w C:\Documents and Settings\win xp\Application Data\DMCache
2008-06-07 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-06 09:29 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-06 08:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 13:12 4,682 ----a-w C:\WINDOWS\system32\HFX15E.tmp
2008-06-05 13:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-05 13:10 3,462 ----a-w C:\WINDOWS\system32\HFX10A.tmp
2008-06-05 11:08 --------- d-----w C:\Documents and Settings\win xp\Application Data\IDM
2008-06-03 07:13 --------- d-----w C:\Documents and Settings\win xp\Application Data\MegauploadToolbar
2008-06-02 11:31 --------- d-----w C:\Documents and Settings\Administrator.BOSS\Application Data\Nero
2008-06-01 16:02 --------- d-----w C:\Documents and Settings\win xp\Application Data\Azureus
2008-05-28 11:24 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 11:24 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-27 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-25 09:22 --------- d-----w C:\Documents and Settings\win xp\Application Data\Thinstall
2008-05-24 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-22 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-22 14:10 --------- d-----w C:\Program Files\CyberLink
2008-05-22 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 14:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-21 22:13 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-21 13:05 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-21 07:10 --------- d-----w C:\Program Files\Common Files\DeskShare Shared
2008-05-20 17:46 --------- d-----w C:\Documents and Settings\win xp\Application Data\HP
2008-05-20 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-20 17:36 --------- d-----w C:\Program Files\HP
2008-05-20 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-20 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-20 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-20 17:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-20 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-05-20 17:33 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-20 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-15 13:20 --------- d-----w C:\Documents and Settings\win xp\Application Data\yoclient
2008-05-11 21:13 --------- d-----w C:\Program Files\Easy RealMedia Tools
2008-05-04 14:51 --------- d-----w C:\Program Files\Phone2006
2008-05-03 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-03 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\ConeXware
2008-05-03 10:24 --------- d-----w C:\Documents and Settings\win xp\Application Data\Uniblue
2008-05-01 13:37 --------- d-----w C:\Program Files\iTunes
2008-04-29 16:38 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-29 13:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-29 13:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-29 07:10 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-29 07:10 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-29 07:09 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-29 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-28 13:51 --------- d-----w C:\Documents and Settings\win xp\Application Data\PC Suite
2008-04-28 08:53 --------- d-----w C:\Program Files\Family Programs 2
2008-04-28 08:43 40,960 ----a-w C:\WINDOWS\ccd3uninst.exe
2008-04-28 08:43 --------- d-----w C:\Program Files\Timesave Software
2008-04-20 20:37 --------- d-----w C:\Program Files\Java
2008-04-20 19:46 --------- d-----w C:\Program Files\Common Files\Java
2008-04-18 13:32 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-11 09:31 --------- d-----w C:\Documents and Settings\win xp\Application Data\AVSMedia
2008-04-10 11:34 --------- d-----w C:\Program Files\iColorFolder
2008-04-10 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiComponents
2008-04-10 09:36 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-09 15:30 --------- d-----w C:\Documents and Settings\win xp\Application Data\Wizzl BV
2008-04-08 10:45 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 13:20 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((( snapshot_Fri 06-06-2008_22.18.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-06-28 07:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 07:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 15:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
- 2008-06-06 19:14:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 07:20:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-11-01 15:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-26 19:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-11-01 15:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-26 19:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-10-31 10:41:16 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2006-09-28 11:36:30 104,448 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-06-07 22:04:18 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.sys
- 2008-05-28 08:15:29 159,248 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-06-07 20:34:30 174,864 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-06-07 22:04:18 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.sys
+ 2006-11-15 12:44:50 18,273 ----a-w C:\WINDOWS\system32\drivers\klop.sys
- 2007-08-13 15:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2005-05-24 09:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 12:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 12:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-08-13 15:54:10 231,424 ------w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\webcheck.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"IDMan"="D:\Internet Download Manager\IDM.v5.12\Patch\IDMan.exe" [05/25/2008 12:34 PM 932864]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/28/2008 08:28 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [11/08/2006 06:28 PM 155751]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 10/18/2005 10:58 PM 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 02/29/2008 01:30 AM 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 02/28/2008 08:28 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 12/20/2004 09:41 PM 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus\\Azureus.exe"=
"D:\\Flash MX\\Flash.exe"=
"D:\\uTorrent\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\DRIVERS\klbg.sys [10/24/2007 02:16 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [10/31/2007 12:58 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [05/30/2007 05:49 PM]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [09/17/2007 03:53 PM]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [11/29/2007 10:39 AM]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [11/29/2007 10:39 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 10:20:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\locator.exe
.
**************************************************************************
.
Completion time: 06/08/2008 10:25:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 07:25:13
ComboFix2.txt 2008-06-06 19:18:47
ComboFix3.txt 2008-06-06 10:24:05
ComboFix4.txt 2008-06-04 07:12:56
Pre-Run: 15,837,777,920 bytes free
Post-Run: 15,889,854,464 bytes free
237 --- E O F --- 2008-06-07 22:28:49
the kaspersky report....
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 11:27:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/06/2008
Kaspersky Anti-Virus database records: 838913
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 85133
Number of viruses found: 17
Number of infected objects: 203
Number of suspicious objects: 0
Duration of the scan process: 00:52:37
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\003e_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0040_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb1 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb2 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb3 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb4 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb5 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb6 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\IDM\DwnlData\win xp\My_06_59\My_06.rmvb7 Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\cert8.db Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\flashgot.log Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\history.dat Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\key3.db Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\parent.lock Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\search.sqlite Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\win xp\Application Data\Real\RealPlayer\skins\data\normal\imgcache.dat Object is locked skipped
C:\Documents and Settings\win xp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Application Data\Mozilla\Firefox\Profiles\qlwoxq51.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\win xp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\win xp\ntuser.dat Object is locked skipped
C:\Documents and Settings\win xp\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\QooBox\Quarantine\C\Program Files\AdVantage\AdVantage.exe.vir Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\akykrqke.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo1.dll.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwvvccoh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\quyloynn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rifqqtyn.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tjkloydg.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvUKEuT.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tss skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uwmedupm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\voeuados.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vusvhxkm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wincqt32.dll.vir Infected: Trojan.Win32.Agent.qoh skipped
C:\QooBox\Quarantine\D\autorun.inf.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\QooBox\Quarantine\D\DVDVideoSoft\Video ConverterVideoTools\sn avs video converter v5 6 multiple cracks.rar.vir/View AVS Video Converter 5.6.1.710 with the ultimate player/PlayerToolSetup0502.EXE/WISE0007.BIN/file8 Infected: Trojan.Win32.Obfuscated.en skipped
C:\QooBox\Quarantine\D\DVDVideoSoft\Video ConverterVideoTools\sn avs video converter v5 6 multiple cracks.rar.vir/View AVS Video Converter 5.6.1.710 with the ultimate player/PlayerToolSetup0502.EXE/WISE0007.BIN Infected: Trojan.Win32.Obfuscated.en skipped
C:\QooBox\Quarantine\D\DVDVideoSoft\Video ConverterVideoTools\sn avs video converter v5 6 multiple cracks.rar.vir/View AVS Video Converter 5.6.1.710 with the ultimate player/PlayerToolSetup0502.EXE Infected: Trojan.Win32.Obfuscated.en skipped
C:\QooBox\Quarantine\D\DVDVideoSoft\Video ConverterVideoTools\sn avs video converter v5 6 multiple cracks.rar.vir RAR: infected - 3 skipped
C:\QooBox\Quarantine\E\autorun.inf.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\QooBox\Quarantine\E\Programs\Kaspersky Anti-virus 6.0.1.411.rar.vir/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tsv skipped
C:\QooBox\Quarantine\E\Programs\Kaspersky Anti-virus 6.0.1.411.rar.vir/crack.exe Infected: Trojan.Win32.Agent.qoh skipped
C:\QooBox\Quarantine\E\Programs\Kaspersky Anti-virus 6.0.1.411.rar.vir RAR: infected - 2 skipped
C:\QooBox\Quarantine\F\autorun.inf.vir Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP259\A0082711.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP264\A0094062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tti skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP264\A0097062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vnb skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP265\A0102103.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vnb skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP269\A0109183.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP269\A0112196.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132276.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132278.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132455.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132567.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132804.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqh skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132853.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP270\A0132856.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0134932.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0134934.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0135111.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0135223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0135460.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqh skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138337.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138339.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138340.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138360.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138361.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138362.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139366.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139368.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139369.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139400.exe Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139401.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139402.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139403.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139420.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139422.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139423.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140420.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140421.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140422.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140455.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140456.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140481.exe Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140482.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vnb skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141421.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141422.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141423.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141442.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141444.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141445.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142442.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142443.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142444.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143442.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143443.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143444.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144442.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144444.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144445.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144507.exe Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144508.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144509.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144510.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144538.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144542.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144543.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144564.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144565.inf Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144576.exe Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144577.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144578.dll Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144579.dll Infected: Trojan.Win32.Agent.qoh skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144580.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144581.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144582.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144583.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144584.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144585.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tss skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144586.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144587.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144588.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttg skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP280\A0166101.exe Infected: Trojan-Downloader.Win32.Agent.pdl skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208252.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208257.bat Infected: Worm.Win32.AutoRun.bur skipped
C:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BC3C03F4-8C65-4FED-A702-E9338031E0F8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138341.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138342.INF Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138363.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138364.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139370.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139371.INF Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139404.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139405.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139424.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139425.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140423.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140424.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140449.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140457.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141424.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141425.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141446.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141447.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142445.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142446.INF Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143445.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143446.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144446.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144511.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144512.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144544.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144545.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144566.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144567.inf Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208258.bat Infected: Worm.Win32.AutoRun.bur skipped
D:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\change.log Object is locked skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP269\A0106142.exe Infected: Trojan.Win32.Agent.qoh skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138343.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138344.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138365.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138366.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139372.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139373.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139406.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139407.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139426.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139427.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140425.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140427.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140451.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140452.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141426.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141427.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141448.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141449.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142447.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142448.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143447.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143448.INF Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144447.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144448.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144513.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144514.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144546.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144547.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144568.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144569.inf Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144617.exe Infected: Trojan.Win32.Agent.qoh skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208259.bat Infected: Worm.Win32.AutoRun.bur skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208260.exe Infected: Trojan.Win32.Agent.qoh skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208261.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tsv skipped
E:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\change.log Object is locked skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138345.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138346.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138367.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0138368.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139374.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139375.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139408.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139409.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139428.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0139429.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140428.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP271\A0140429.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140453.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0140454.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141428.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141429.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141450.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0141451.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142449.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0142450.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143449.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0143450.INF Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144449.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144450.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144515.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144516.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144548.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP272\A0144549.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144570.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP273\A0144571.inf Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\A0208262.bat Infected: Worm.Win32.AutoRun.bur skipped
F:\System Volume Information\_restore{55B8115A-132D-4C36-B0E8-CC546CC8FC8E}\RP289\change.log Object is locked skipped
Scan process completed.