Re: Possible Spamming Virus
In general my system is behaving fine. The only thing that alerted me to any problems was that email that I didn't send that was returned to me.
I did get some help on an HJT forum (apparently forums.spywareinfo.com) to clean my system a few years ago. That's where the files attached to the Outlook emails were from.
Here is the Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 12, 2007 2:10:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/08/2007
Kaspersky Anti-Virus database records: 378969
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 104733
Number of viruses found: 18
Number of infected objects: 41
Number of suspicious objects: 2
Duration of the scan process: 02:37:14
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03102007-222749.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\David K. Land\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DB45D1BB-F886-459A-B824-6800EB2FB427} Object is locked skipped
C:\Documents and Settings\David K. Land\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David K. Land\Local Settings\History\History.IE5\MSHist012007081220070813\index.dat Object is locked skipped
C:\Documents and Settings\David K. Land\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David K. Land\ntuser.dat Object is locked skipped
C:\Documents and Settings\David K. Land\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\FINDnFIX\keys1\NirComLine.exe Infected: not-a-virus:RemoteAdmin.Win32.NirCmdLine.14 skipped
C:\Inetpub\wwwroot\WebApplication1\AssemblyInfo.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\bin\WebApplication1.dll Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\bin\WebApplication1.pdb Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Global.asax Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Global.asax.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Global.asax.resx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Service1.asmx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Service1.asmx.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Service1.asmx.resx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\test1.html Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\test2.html Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\Web.config Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\WebApplication1.csproj Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\WebApplication1.csproj.webinfo Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\WebApplication1.sln Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\WebApplication1.suo Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\WebApplication1.vsdisco Object is locked skipped
C:\Inetpub\wwwroot\WebApplication1\WebForm1.aspx.resx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\AssemblyInfo.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\Class1.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\db1.mdb Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\Global.asax Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\Global.asax.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\Global.asax.resx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\test.html Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\test.txt Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\Tester.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\Web.config Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\WebApplication2.csproj Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\WebApplication2.csproj.webinfo Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\WebApplication2.vsdisco Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\WebForm1.aspx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\WebForm1.aspx.cs Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_cnf\WebForm1.aspx.resx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication2\_vti_pvt\linkinfo.cnf Object is locked skipped
C:\Inetpub\wwwroot\WebApplication3\WebForm2.aspx Object is locked skipped
C:\Inetpub\wwwroot\WebApplication4\WebForm2.aspx Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\IssueTrackerStarterKit.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\IssueTrackerStarterKit_log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\MyTimeTracker_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\MyTimeTracker_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\northwnd.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\northwnd.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\pubs.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\pubs_log.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\test_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\test_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\TimeTracker.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\TimeTracker_log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\11922C34.exe Infected: Trojan.Win32.Qhost.bi skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BB745F1 Infected: Email-Worm.Win32.Swen skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\RECYCLER\S-1-5-21-823518204-1482476501-839522115-1004\Dc1\enth.exe Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057136.exe/keys1/NirComLine.exe Infected: not-a-virus:RemoteAdmin.Win32.NirCmdLine.14 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057136.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057165.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057165.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057165.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057165.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1072\A0057165.exe Inno: infected - 4 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058164.dll Infected: Trojan-Dropper.Win32.Small.ly skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058167.exe Infected: Trojan.Win32.Qhost.x skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058169.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058169.exe AWInstall: infected - 1 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058169.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061583.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061584.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061585.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061586.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061587.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061588.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061589.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061590.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061591.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061592.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061593.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061594.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061595.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061596.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061597.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061598.exe Infected: Trojan-Downloader.Win32.Agent.ec skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061600.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061600.exe/data0006 Infected: Trojan-Downloader.Win32.Turown.h skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061600.exe/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061600.exe/data0012 Infected: Trojan-Downloader.Win32.VB.cw skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061600.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061601.exe Infected: not-a-virus:AdWare.Win32.Midadle.d skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1105\A0061602.exe Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1106\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1D298612-44E1-4296-BF1D-6BCA64AC1C4B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_80.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.