Page 1 of 5 12345 LastLast
Results 1 to 10 of 46

Thread: Problem with search-daily.com Please Help

  1. #1
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default Problem with search-daily.com Please Help

    Everytime when I search something on google.com, it redirect the link to search-daily.com

    Please help. Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:07:02 PM, on 2/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ADMINI~1.TU_\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {ECEA6D5A-4F00-4908-B64F-C8AA2670FF8C} - C:\WINDOWS\system32\asycfil.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    --
    End of file - 5545 bytes

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    C:\WINDOWS\system32\asycfil.dll >>> http://www.google.com/search?hl=en&q...=Google+Search

    Please read the directions posted above and pinned to the top of this forum, then post the correct HJT log and the required Kaspersky scan, and I will be glad to take a look.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default google link

    I click the google link and I select site www.prevx.com
    Should I download the Prevx CSI? Thanks

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    That link is to show you what the infection is, if you want my help, read the directions I posted and follow those please:

    Please read the directions posted above and pinned to the top of this forum, then post the correct HJT log and the required Kaspersky scan, and I will be glad to take a look.
    This is wrong:
    C:\DOCUME~1\ADMINI~1.TU_\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe

    This is correct:
    Download Trend Micro Hijack This™
    http://download.bleepingcomputer.com...HJTInstall.exe
    Doubleclick the HJTInstall.exe to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
    HijackThis will open after install. Press the Scan button below.
    This will start the scan and open a log.
    Copy and paste the contents of the log in your next reply.

    Read all of the instructions, especially these:
    Provide:
    a) The HJT log.
    b) The Kaspersky log report.
    Thanks
    Last edited by pskelley; 2008-02-29 at 20:08. Reason: add additional information
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default The HJT log. Now i understand. Thanks for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:44:38 PM, on 2/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {ECEA6D5A-4F00-4908-B64F-C8AA2670FF8C} - C:\WINDOWS\system32\asycfil.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    --
    End of file - 5505 bytes

  6. #6
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default The Kaspersky log report part 1

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, February 29, 2008 4:23:58 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/02/2008
    Kaspersky Anti-Virus database records: 590811
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 75988
    Number of viruses found: 22
    Number of infected objects: 251
    Number of suspicious objects: 0
    Duration of the scan process: 01:17:17

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Administrator.TU_DANG\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\History\History.IE5\MSHist012008022920080301\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\Temp\Perflib_Perfdata_4c0.dat Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\Temporary Internet Files\Content.IE5\0I1ZU06B\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\Local Settings\Temporary Internet Files\Content.IE5\KF736WPD\can1thuvip[1].com Infected: Trojan-Spy.Win32.SCKeyLog.au skipped
    C:\Documents and Settings\Administrator.TU_DANG\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Administrator.TU_DANG\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\117577AE.exe Infected: Trojan-Spy.Win32.SCKeyLog.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25050AA1.exe Infected: Trojan-Spy.Win32.SCKeyLog.q skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61274830.tmp Infected: Backdoor.Win32.Agent.so skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\786B5F52.exe Infected: Trojan-Spy.Win32.SCKeyLog.q skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\AdvancedCleaner Free\ian_monitor.exe Infected: not-a-virus:Downloader.Win32.Agent.t skipped
    C:\Program Files\AdvancedCleaner Free\UADC.exe Infected: not-a-virus:Downloader.Win32.WinFixer.bt skipped
    C:\Program Files\AdvancedCleaner Free\UADCcw.exe Infected: not-a-virus:FraudTool.Win32.AdvancedCleaner.a skipped
    C:\Program Files\Helper\turbosearchsite.dll Infected: not-a-virus:AdWare.Win32.BHO.rh skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\L0000003.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.idx Object is locked skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0F9E3BEE.jpg Infected: Exploit.JS.ADODB.Stream.e skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2B3078E6 Infected: Trojan-Downloader.VBS.Psyme.ls skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FE41D52.gif Infected: Exploit.JS.ADODB.Stream.e skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31760ABB/data0007 Infected: Trojan-Downloader.Win32.Zlob.fpw skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31760ABB NSIS: infected - 1 skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31760ABB CryptFF: infected - 1 skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\351C790A Infected: Trojan-Downloader.Win32.Zlob.gjg skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44802593 Infected: not-virus:Hoax.Win32.Renos.aon skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4AEC66B6 Infected: not-virus:Hoax.Win32.Renos.aoy skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4AF33AAF Infected: Trojan-Downloader.Win32.Zlob.iab skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B823FDB.htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58D467A3.jpg Infected: Exploit.JS.ADODB.Stream.e skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63321175 Infected: Trojan-Downloader.Win32.Zlob.fqq skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\67844C67 Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\67887663 Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78DC0E7E Infected: Exploit.JS.ADODB.Stream.e skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\797543D5 Infected: Exploit.JS.ADODB.Stream.e skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\797F41CA Infected: Exploit.JS.ADODB.Stream.e skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\79E07F66 Infected: Trojan-Downloader.Win32.Zlob.fqr skipped
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7FD0003A Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\Program Files\Video Add-on\ictmdl.dll Infected: Trojan-Downloader.Win32.Zlob.idi skipped
    C:\Program Files\Video Add-on\ictun.exe Infected: Trojan-Downloader.Win32.Zlob.gzo skipped
    C:\Program Files\VirusProtect 3.9\VirusProtect 3.9.exe Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.l skipped
    C:\Program Files\Yahoo!\Messenger\logs\billing_Administrator.log Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\client_Administrator.log Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\network_Administrator.log Object is locked skipped

  7. #7
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default The Kaspersky log report part 2

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP755\A0109462.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP755\A0109463.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP755\A0109464.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109483.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109484.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109485.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109495.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109496.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109497.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109511.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109512.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP756\A0109513.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757\A0109548.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757\A0109549.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757\A0109550.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP758\A0109574.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP758\A0109575.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP758\A0109576.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP759\A0109599.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP759\A0109600.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP759\A0109601.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP760\A0109619.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP760\A0109620.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP760\A0109621.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP761\A0109642.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP761\A0109643.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP761\A0109644.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP761\A0109655.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP761\A0109656.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP761\A0109657.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP762\A0109667.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP762\A0109668.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP762\A0109669.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0109682.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0109683.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0109684.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0110682.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0110683.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP763\A0110684.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP764\A0111682.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP764\A0111683.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP764\A0111684.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP764\A0111693.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP764\A0111694.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP764\A0111695.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP765\A0111709.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP765\A0111710.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP765\A0111711.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP766\A0111730.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP766\A0111731.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP766\A0111732.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0112730.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0112731.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0112732.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0112746.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0112747.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0112748.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0113747.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0113748.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0113749.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0114746.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0114747.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0114748.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0114758.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0114759.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0114760.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0115758.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0115759.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP768\A0115760.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0116758.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0116759.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0116760.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0116777.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0116778.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0116779.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0117777.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0117778.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0117779.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0118777.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0118778.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0118779.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0118794.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0118795.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP769\A0118796.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP770\A0118816.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP770\A0118817.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP770\A0118818.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771\A0118840.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771\A0118841.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771\A0118842.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP772\A0118862.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP772\A0118863.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP772\A0118864.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP773\A0118890.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP773\A0118891.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP773\A0118892.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP774\A0119890.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP774\A0119891.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP774\A0119892.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0119912.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0119913.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0119914.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120610.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120616.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120618.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120627.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120628.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120629.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120642.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120643.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0120644.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP776\A0120663.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP776\A0120664.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP776\A0120665.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP777\A0120686.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP777\A0120687.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP777\A0120688.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0120787.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0120788.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0120789.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0120810.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0120811.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0120812.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP782\A0120830.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP782\A0120831.exe Infected: not-virus:Hoax.Win32.Fera.u skipped

  8. #8
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default The Kaspersky log report part 3 (end of report)

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP782\A0120832.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120851.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120852.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120853.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120862.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120863.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120870.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120881.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120882.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120883.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120900.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120901.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP783\A0120902.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP784\A0120921.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP784\A0120922.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP784\A0120923.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP785\A0120958.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP785\A0120959.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP785\A0120960.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP786\A0120983.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP786\A0120984.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP786\A0120985.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP787\A0121001.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP787\A0121002.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP787\A0121003.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP789\A0121032.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP789\A0121033.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP789\A0121034.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP790\A0121050.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP790\A0121051.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP790\A0121052.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP790\A0121069.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP790\A0121070.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP790\A0121071.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0121095.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0121096.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0121097.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0121107.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0121108.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0121109.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0122107.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0122108.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0122109.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0122121.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0122122.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP791\A0122123.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP792\A0122142.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP792\A0122143.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP792\A0122144.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP793\A0122171.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP793\A0122172.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP793\A0122173.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP794\A0122187.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP794\A0122188.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP794\A0122189.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP794\A0122200.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP794\A0122201.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP794\A0122202.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP795\A0122217.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP795\A0122218.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP795\A0122219.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0122233.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0122234.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0122235.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0122245.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0122246.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0122247.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP797\A0122272.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP797\A0122273.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP797\A0122274.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122295.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122296.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122297.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122299.dll Infected: Trojan-Downloader.Win32.Zlob.gjg skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122300.exe Infected: Trojan-Downloader.Win32.Zlob.fqq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122309.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122310.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122311.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122313.dll Infected: Trojan-Downloader.Win32.Zlob.gjg skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122314.exe Infected: Trojan-Downloader.Win32.Zlob.fqq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122326.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122327.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122328.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122329.dll Infected: Trojan-Downloader.Win32.Zlob.gjg skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122331.exe Infected: Trojan-Downloader.Win32.Zlob.fqq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122339.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP798\A0122340.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP53\A0005577.dll Infected: Trojan-Downloader.Win32.Zlob.gjg skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP53\A0005578.exe Infected: Trojan-Downloader.Win32.Zlob.fqr skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP54\A0005591.dll Infected: Trojan.Win32.Pakes.cdw skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP57\A0005647.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP57\A0005648.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP57\A0005649.exe Infected: not-virus:Hoax.Win32.Fera.u skipped
    C:\System Volume Information\_restore{2DB944E5-6F8F-4542-BB3B-06EF2863636F}\RP59\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\system32\config\sam Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\security Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Thanks for returning the correct information, you should know you have many infected System Restore files. We will clean those later, do not use System Restore for any reason until they are cleaned.

    KASPERSKY ONLINE SCANNER REPORT Friday, February 29, 2008 4:23:58 PM

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\ <<< delete the contents of that folder in red

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\ <<< delete the contents of that folder in red


    http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

    Search:
    Double-click SmitfraudFix.exe
    Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consultin...rocessutil.htm

    Post only the C:\rapport.txt

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #10
    Senior Member
    Join Date
    May 2007
    Posts
    131

    Default C:\rapport.txt

    SmitFraudFix v2.299

    Scan done at 18:32:44.95, Fri 02/29/2008
    Run from C:\Software\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    Process


    hosts


    C:\


    C:\WINDOWS


    C:\WINDOWS\system


    C:\WINDOWS\Web


    C:\WINDOWS\system32


    C:\WINDOWS\system32\LogFiles


    C:\Documents and Settings\Administrator.TU_DANG


    C:\Documents and Settings\Administrator.TU_DANG\Application Data


    Start Menu





    Desktop


    C:\Program Files

    C:\Program Files\Helper\ FOUND !
    C:\Program Files\Video Add-on\ FOUND !
    C:\Program Files\VirusProtect 3.9\ FOUND !

    Corrupted keys


    Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    Rustock



    DNS



    Scanning for wininet.dll infection


    End

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •