Results 1 to 5 of 5

Thread: EasySpywareCleaner, Infestop, Spy-Rid Cleaner, etc.

  1. 2008-01-08, 23:50 #1
    jndacker
    jndacker is offline
    Junior Member
    Join Date
    Jan 2008
    Posts
    4

    Default EasySpywareCleaner, Infestop, Spy-Rid Cleaner, etc.

    Hey guys - made the mistake of trying to keygen to avoid paying for a Palm program...then consciously saved a file I knew could be corrupted...and it was...

    I've been on your forum trying to sort this thing out, and I've gotten to the logs you requested prior to posting; here they are:

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:39, on 2008-01-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmona.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [\\SERVER\EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P35 "\\SERVER\EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
    O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [SpyRid] C:\Program Files\Spy-Rid\Spy-Rid.exe
    O4 - HKLM\..\Run: [InfeStop] C:\Program Files\InfeStop\InfeStopRemover.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    --
    End of file - 9057 bytes

    Kaspersky in next post.

    Hope we can come up with a fix.

    Thanks
    James
  2. 2008-01-08, 23:52 #2
    jndacker
    jndacker is offline
    Junior Member
    Join Date
    Jan 2008
    Posts
    4

    Default Kaspersky log section 1:

    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, January 08, 2008 5:28:06 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 8/01/2008
    Kaspersky Anti-Virus database records: 504310
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    C:\
    D:\
    E:\
    Scan Statistics
    Total number of scanned objects 62341
    Number of viruses found 16
    Number of infected objects 169
    Number of suspicious objects 2
    Duration of the scan process 01:38:50

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm1.zip/lsass.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm1.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NousTechUCleaner.zip/mgrs.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NousTechUCleaner.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NousTechUCleaner1.zip/spoolsv.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NousTechUCleaner1.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NousTechUCleaner2.zip/yaywwus.dll Infected: Trojan.Win32.Obfuscated.lf skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NousTechUCleaner2.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip/autorun.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\UltraSoftXlib1.zip/xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\UltraSoftXlib1.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip/spoolvs.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack1.zip/findfast.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack1.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack2.zip/findfast.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack2.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack3.zip/printer.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack3.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBHOje.zip/Helper9.dll Infected: Trojan-Downloader.Win32.BHO.cf skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBHOje.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{1ECAAD68-101D-428F-9F7F-DCA354B02520}.ldb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{1ECAAD68-101D-428F-9F7F-DCA354B02520}.sds Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\606562FF.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B6F13D48.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\call256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\callmember256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\chat512.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\chatmember256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\chatmsg256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\chatmsg512.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\dyncontent\bundle.dat Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\index2.dat Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\profile4096.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\transfer256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\transfer512.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\user1024.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\user256.dbb Object is locked skipped
    C:\Documents and Settings\James\Application Data\Skype\jndacker\voicemail256.dbb Object is locked skipped
    C:\Documents and Settings\James\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\James\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\James\EasySpywareCleaner.exe.log Object is locked skipped
    C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\James\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\James\Local Settings\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped
    C:\Documents and Settings\James\Local Settings\Temp\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\James\Local Settings\Temp\SmitfraudFix.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\James\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\James\ntuser.dat Object is locked skipped
    C:\Documents and Settings\James\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
  3. 2008-01-08, 23:53 #3
    jndacker
    jndacker is offline
    Junior Member
    Join Date
    Jan 2008
    Posts
    4

    Default Kaspersky log section 2:

    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102931.exe/data.rar/keygen.exe Infected: Trojan.Win32.Inject.mt skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102931.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.hlr skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102931.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102931.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102931.exe/data.rar Infected: Virus.Win32.Virut.av skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102931.exe RarSFX: infected - 5 skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102932.exe Infected: Virus.Win32.Virut.av skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP309\A0102933.exe Infected: Trojan.Win32.Inject.mt skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104979.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104980.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104981.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104982.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104983.dll Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104985.dll Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104991.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104992.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104993.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0104994.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105001.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105005.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105005.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105986.exe Infected: Trojan-Downloader.Win32.Agent.bfj skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105991.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105992.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105993.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\A0105994.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-1.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-10.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-11.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-12.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-13.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-14.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-15.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-16.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-17.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-18.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-19.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-20.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-4.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP310\snapshot\MFEX-9.DAT Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0105998.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0105999.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0106000.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0106001.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0106990.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0106991.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0106992.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0106993.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0107990.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0107991.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0107992.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0107993.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0108988.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0108989.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0108990.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0108991.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109011.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109012.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109013.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109014.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109022.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109023.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109024.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0109025.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110022.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110023.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110024.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110025.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110026.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110069.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110070.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110071.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP311\A0110072.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110073.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110074.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110075.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110076.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110088.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110089.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110157.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110157.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110162.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110163.exe Infected: Trojan-Downloader.Win32.Agent.bfj skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110164.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110165.dll Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110166.dll Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110172.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110173.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110174.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110175.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110184.exe Infected: Trojan-Downloader.Win32.Agent.bfj skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110189.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110190.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110191.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0110192.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111186.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111187.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111188.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111189.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111195.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111196.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111197.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111198.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111204.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111207.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP312\A0111207.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0111258.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0111259.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0111260.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0111261.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113193.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113194.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113195.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113196.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113208.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113209.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113210.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0113211.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0114203.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0114204.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0114205.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0114206.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0114208.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115202.exe Infected: Trojan-Downloader.Win32.Alphabet.az skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115203.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115204.exe Infected: Trojan-Downloader.Win32.Alphabet.az skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115205.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115206.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115207.dll Infected: Trojan.Win32.Obfuscated.lf skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115210.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115213.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
  4. 2008-01-08, 23:54 #4
    jndacker
    jndacker is offline
    Junior Member
    Join Date
    Jan 2008
    Posts
    4

    Default Kaspersky log section 3:

    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115214.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115215.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115216.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115217.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115218.dll Infected: Trojan-Downloader.Win32.BHO.cf skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115219.dll Infected: Trojan.Win32.Qhost.abh skipped
    C:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\A0115345.exe Infected: Trojan.Win32.Qhost.adl skippedC:\System Volume Information\_restore{BD3AA250-E902-499D-9186-1E7EC697A4E6}\RP313\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\HTTPERR\httperr2.log Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\JETBC33.tmp Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    Scan process completed.

    Thanks again.
    James
  5. 2008-01-18, 07:48 #5
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello.

    Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

    If the results of the anti virus scan itself will take more than one post to contain, it is best not to post it. Just make a note for our volunteers so they are aware, as it would be best to start off with no more than two posts (total) in your topic before a helper responds.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    For people waiting who have not resolved their problem, we have a sticky topic:
    The Waiting Room: Post here if waiting for help longer than four days

    As it has been five days or more since your last post, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

    Applies only to the original poster, anyone else with similar problems please start a new topic.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules