Virtumonde and a big mess
- Thread starter Connery
- Start date
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:14 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\connery.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\x\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/rssoft.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.theappliance.com/airavata/Lila62631.jpg
--
End of file - 10695 bytes
Scan saved at 6:37:14 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\connery.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\x\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/rssoft.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.theappliance.com/airavata/Lila62631.jpg
--
End of file - 10695 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 07, 2008 6:27:58 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/02/2008
Kaspersky Anti-Virus database records: 552970
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 70162
Number of viruses found: 26
Number of infected objects: 228
Number of suspicious objects: 2
Duration of the scan process: 01:12:45
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11E720EA.IE5 Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12A14E60.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.cab/installer_MARKETING11.exe Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.cab CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.cab CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.htm Infected: Trojan-Clicker.JS.Linker.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AC47C41.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DCC5D6F.wmf Infected: Exploit.Win32.IMG-WMF.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31125F66.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50235F39.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659B58CD.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67370308.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\727322B8.tmp Infected: Trojan-Downloader.Win32.Bagle.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75316C30.dll Infected: Trojan.Win32.Crypt.o skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/a_bcd.dll Infected: Backdoor.IRC.Cloner skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/abc2.dll Infected: Backdoor.IRC.Cloner.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/abcd.jpg Infected: Backdoor.IRC.Cloner skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/adobea.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/adobes.exe Infected: Backdoor.Win32.mIRC-based skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/gg.bat Infected: Backdoor.IRC.Cloner.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe ZIP: infected - 7 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe CryptFF: infected - 7 skipped
C:\Documents and Settings\LocalService\Application Data\SDSD\KodakSvc\1.2.484.0\System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.html Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\x\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\x\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\x\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\History\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\x\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\x\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\nethlpr.exe Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0529NAV~.TMP Object is locked skipped
C:\Program Files\QuickTime\QTTask.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-200-PowerReg Scheduler .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-352-PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-654-PowerReg Scheduler.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-761-PowerReg Scheduler V3.exe Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\x\ie_updates3r.exe.vir Infected: Trojan-Downloader.Win32.Tiny.agf skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccApp.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\ISStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\LogiTray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule11.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack11.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Support.com\Charter\bin\SSRunScript.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\ceuexvti.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\drivers\NdisWon.sys.vir Infected: Trojan-Proxy.Win32.Saturn.ab skipped
C:\QooBox\Quarantine\C\WINNT\system32\erkwjeqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\ljepnapc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\RCX25.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\vqrhuurc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtsqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtsqo.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtutr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\Temp\1563625.exe.vir Infected: Trojan-Dropper.Win32.Agent.dnu skipped
C:\QooBox\Quarantine\C\wsusupd .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\wsusupd.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/ymhiwjhc.dat Infected: Rootkit.Win32.Agent.ux skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/comre.dll Infected: Trojan-Downloader.Win32.Delf.dxs skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/awtrron.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/vtsqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip ZIP: infected - 4 skipped
C:\QooBox\Quarantine\catchme2008-02-04_202726.57.zip/ndisaluo.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\catchme2008-02-04_202726.57.zip/ntio922.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\catchme2008-02-04_202726.57.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\catchme2008-02-05_ 91414.75.zip/vtsqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-05_ 91414.75.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP0\A0000001.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP0\A0000013.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP0\A0000014.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000032.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000033.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000034.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000035.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000036.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000039.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000040.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000041.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000042.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000043.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000044.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000046.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000047.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000048.exe Infected: Virus.Win32.Trats.d skipped
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 07, 2008 6:27:58 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/02/2008
Kaspersky Anti-Virus database records: 552970
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 70162
Number of viruses found: 26
Number of infected objects: 228
Number of suspicious objects: 2
Duration of the scan process: 01:12:45
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11E720EA.IE5 Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12A14E60.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.cab/installer_MARKETING11.exe Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.cab CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.cab CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19DC1A5F.htm Infected: Trojan-Clicker.JS.Linker.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AC47C41.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DCC5D6F.wmf Infected: Exploit.Win32.IMG-WMF.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31125F66.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50235F39.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659B58CD.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67370308.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\727322B8.tmp Infected: Trojan-Downloader.Win32.Bagle.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75316C30.dll Infected: Trojan.Win32.Crypt.o skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/a_bcd.dll Infected: Backdoor.IRC.Cloner skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/abc2.dll Infected: Backdoor.IRC.Cloner.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/abcd.jpg Infected: Backdoor.IRC.Cloner skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/adobea.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/adobes.exe Infected: Backdoor.Win32.mIRC-based skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/gg.bat Infected: Backdoor.IRC.Cloner.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe ZIP: infected - 7 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD100EC.exe CryptFF: infected - 7 skipped
C:\Documents and Settings\LocalService\Application Data\SDSD\KodakSvc\1.2.484.0\System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.html Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\x\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\x\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\x\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\History\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped
C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\x\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\x\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\nethlpr.exe Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0529NAV~.TMP Object is locked skipped
C:\Program Files\QuickTime\QTTask.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-200-PowerReg Scheduler .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-352-PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-654-PowerReg Scheduler.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080205-073235-761-PowerReg Scheduler V3.exe Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\x\ie_updates3r.exe.vir Infected: Trojan-Downloader.Win32.Tiny.agf skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccApp.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\ISStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\LogiTray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule11.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack11.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Support.com\Charter\bin\SSRunScript.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\ceuexvti.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\drivers\NdisWon.sys.vir Infected: Trojan-Proxy.Win32.Saturn.ab skipped
C:\QooBox\Quarantine\C\WINNT\system32\erkwjeqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\ljepnapc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\RCX25.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\vqrhuurc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtsqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtsqo.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtutr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINNT\Temp\1563625.exe.vir Infected: Trojan-Dropper.Win32.Agent.dnu skipped
C:\QooBox\Quarantine\C\wsusupd .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\wsusupd.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/ymhiwjhc.dat Infected: Rootkit.Win32.Agent.ux skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/comre.dll Infected: Trojan-Downloader.Win32.Delf.dxs skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/awtrron.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip/vtsqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-03_123920.84.zip ZIP: infected - 4 skipped
C:\QooBox\Quarantine\catchme2008-02-04_202726.57.zip/ndisaluo.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\catchme2008-02-04_202726.57.zip/ntio922.sys Infected: Trojan-Proxy.Win32.Wopla.at skipped
C:\QooBox\Quarantine\catchme2008-02-04_202726.57.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\catchme2008-02-05_ 91414.75.zip/vtsqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-05_ 91414.75.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP0\A0000001.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP0\A0000013.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP0\A0000014.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000032.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000033.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000034.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000035.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000036.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000039.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000040.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000041.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000042.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000043.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000044.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000046.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000047.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000048.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000049.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000050.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000051.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000052.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000053.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000054.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000055.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000056.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000057.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000059.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000060.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000061.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000062.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000063.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000065.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000067.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000068.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000069.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000070.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000071.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000072.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000073.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000074.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000075.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000076.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000077.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000078.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000079.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000080.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000081.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000082.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000083.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000084.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000085.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000086.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000087.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000088.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000089.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000090.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000091.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000092.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000093.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000094.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000095.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000096.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000097.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000098.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000099.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000100.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000101.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000102.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000103.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000104.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000105.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000106.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000107.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000108.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000109.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000110.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000111.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000112.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000113.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000114.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000115.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000116.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000117.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000118.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000119.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000120.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000121.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000123.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000124.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000125.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000126.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000127.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000128.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000129.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000130.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000131.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000132.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000171.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000172.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000173.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000174.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000175.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000177.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000178.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000179.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000180.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000181.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000182.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000183.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000184.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000185.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000186.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000187.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000188.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000191.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000192.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000193.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000194.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000195.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000198.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000199.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000200.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000201.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000209.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000211.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000212.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000213.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000214.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000215.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000216.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000217.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000218.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000219.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000220.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000224.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000236.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000237.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000238.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000239.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000240.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000241.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000242.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000243.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000244.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000245.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000246.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000247.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000269.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP5\A0000270.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP6\A0000314.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP6\A0000315.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP7\A0000316.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP7\A0000320.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP7\A0000321.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000332.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000337.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000338.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000346.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\change.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Debug\UserMode\boot.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\Logs\edbtmp.log Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{5E8BADD1-9B0D-4FDF-A775-54D27A052C33}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\000050.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\WINNT\system32\000050.exe NSIS: infected - 1 skipped
C:\WINNT\system32\awtqq.dll Infected: Trojan.Win32.Crypt.o skipped
C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000050.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000051.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000052.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000053.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000054.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000055.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000056.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000057.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000059.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000060.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000061.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000062.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000063.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000065.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000067.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000068.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000069.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000070.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000071.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000072.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000073.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000074.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000075.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000076.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000077.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000078.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000079.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000080.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000081.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000082.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000083.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000084.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000085.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000086.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000087.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000088.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000089.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000090.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000091.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000092.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000093.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000094.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000095.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000096.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000097.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000098.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000099.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000100.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000101.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000102.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000103.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000104.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000105.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000106.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000107.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000108.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000109.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000110.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000111.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000112.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000113.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000114.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000115.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000116.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000117.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000118.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000119.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000120.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000121.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000123.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000124.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000125.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000126.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000127.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000128.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000129.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000130.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000131.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP1\A0000132.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000171.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000172.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000173.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000174.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000175.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000177.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000178.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000179.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000180.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP2\A0000181.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000182.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000183.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000184.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000185.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000186.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000187.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000188.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000191.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000192.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000193.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000194.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000195.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000198.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000199.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000200.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000201.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000209.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000211.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000212.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000213.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000214.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000215.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000216.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000217.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000218.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000219.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000220.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP3\A0000224.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000236.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000237.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000238.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000239.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000240.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000241.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000242.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000243.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000244.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000245.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000246.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000247.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP4\A0000269.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP5\A0000270.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP6\A0000314.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP6\A0000315.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP7\A0000316.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP7\A0000320.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP7\A0000321.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000332.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000337.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000338.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\A0000346.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{4B5B3A2F-C5D8-4066-89CE-08B7D62B9AD7}\RP8\change.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Debug\UserMode\boot.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\Logs\edbtmp.log Object is locked skipped
C:\WINNT\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{5E8BADD1-9B0D-4FDF-A775-54D27A052C33}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\000050.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\WINNT\system32\000050.exe NSIS: infected - 1 skipped
C:\WINNT\system32\awtqq.dll Infected: Trojan.Win32.Crypt.o skipped
C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.
Shaba
Security Expert: Emeritus
Hi
Yes, I don't wonder either.
Empty these folders:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine
C:\QooBox\Quarantine
C:\Program Files\Trend Micro\HijackThis\backups
Delete these:
C:\WINNT\system32\000050.exe
C:\WINNT\system32\awtqq.dll
C:\nethlpr.exe
C:\Program Files\QuickTime\QTTask.exe
Empty Recycle Bin.
All other viruses are in system restore and inactive.
I give you later instructions how to empty it.
Other than that, any problems left?
Yes, I don't wonder either.
Empty these folders:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine
C:\QooBox\Quarantine
C:\Program Files\Trend Micro\HijackThis\backups
Delete these:
C:\WINNT\system32\000050.exe
C:\WINNT\system32\awtqq.dll
C:\nethlpr.exe
C:\Program Files\QuickTime\QTTask.exe
Empty Recycle Bin.
All other viruses are in system restore and inactive.
I give you later instructions how to empty it.
Other than that, any problems left?
arrrrgh... so far no luck with that. A couple of those steps give me errors like maybe there are some dll files missing or something. I'll retry it tonight and see if I can figure exactly where it's going wrong. May have to get some MS help to sort this one out in the end.
Anything else I should do in the meantime?
Anything else I should do in the meantime?