Solved Super Slow Boot, plus ad windows everywhere! - DSS main log

Discussion in 'Malware and Virus Removal Archive' started by schin, 2008/02/06.

  1. 2008/02/10
    schin

    schin Inactive Thread Starter

    Joined:
    2008/02/05
    Messages:
    18
    Likes Received:
    0
    Kaspersky report - part 2

    Last post too long:

    report continued:


    C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/*Ó¤H¸Ãª®Ã†§¨/§R°£ªº¶l¥Ã³/22 Jul 2005 08:53 from eBay Inc:pRIVATE URGENT MESSAGE FROM EBAY.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/*Ó¤H¸Ãª®Ã†§¨/Quarantine/Potentially unwanted message body detected, entire message has b/29 Mar 2005 21:29 from Regions:potentially unwanted message body.rtf Infected: Trojan-Spy.HTML.Bankfraud.ci skipped
    C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 2 skipped
    C:\Program Files\Drmupgds\Drmupgds.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
    C:\QooBox\Quarantine\C\Program Files\Windows NT\meqocahot4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\QooBox\Quarantine\C\Program Files\Windows NT\meqocahot83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\b3\snmaildriv3.exe.vir Infected: Trojan-Downloader.Win32.Small.iaw skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cyjtuvys.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cgu skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pfnvdsdd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vhosgnsk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wslezvlu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\z6\kiffs83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\z6\kiffs83122.exe.vir NSIS: infected - 1 skipped
    C:\QooBox\Quarantine\catchme2008-02-07_ 30014.21.zip/FLPYDISKK.sys Infected: Rootkit.Win32.Agent.to skipped
    C:\QooBox\Quarantine\catchme2008-02-07_ 30014.21.zip/jkhfc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-07_ 30014.21.zip/opnopqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-07_ 30014.21.zip/wslezvlu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-07_ 30014.21.zip ZIP: infected - 4 skipped
    C:\SDFix\backups\backups.zip/backups/17PHolmes1000106.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\SDFix\backups\backups.zip/backups/b122.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
    C:\SDFix\backups\backups.zip/backups/kernInst.exe Infected: Trojan-Downloader.Win32.Agent.ipm skipped
    C:\SDFix\backups\backups.zip/backups/mrofinu572.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\SDFix\backups\backups.zip/backups/rtelek.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    C:\SDFix\backups\backups.zip/backups/TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\SDFix\backups\backups.zip/backups/TTC-4444.exe Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\SDFix\backups\backups.zip/backups/Yazzle1281OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
    C:\SDFix\backups\backups.zip/backups/Yazzle1281OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\SDFix\backups\backups.zip/backups/Yazzle1281OinUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\SDFix\backups\backups.zip ZIP: infected - 10 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP827\A0141510.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP827\A0141510.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146215.exe Infected: Trojan-Downloader.Win32.Agent.ipm skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146216.exe Infected: Trojan.Win32.Scapur.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146217.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146217.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146218.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146219.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146220.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146222.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146222.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146229.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146230.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146232.exe Infected: Trojan-Downloader.Win32.Agent.ipm skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146233.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146234.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146234.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146235.exe Infected: Trojan.Win32.Scapur.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146236.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0146236.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146273.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146274.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146277.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146278.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146280.exe Infected: Trojan-Downloader.Win32.Small.iaw skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146283.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146283.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146289.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146290.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146291.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0146295.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP835\A0146565.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped

    Scan process completed.
     
  2. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi schin

    OK you can only have 1 Anti-Virus and 1 Firewall,
    Not sure why you would want to do this, you would just have a program taking up space and you're already low on space...System Drive C: has 9.26 GiB (less than 15%) free.

    I suggest you either update your Norton or remove it and go with a different program.


    Ok, it seems that back in 2005 you received a fake email from eBay and saved it?
    Do you have a folder in My Documents named Laptop 08.01.05, or do you remember these emails?
    They need to be deleted.

    C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05
    :pRIVATE URGENT MESSAGE FROM EBAY.rtf - Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

    C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05 *Ó¤H¸Ãª®Ã†§¨/Quarantine/Potentially unwanted message body detected, entire message has b/29 Mar 2005 21:29 from Regions:- Infected: Trojan-Spy.HTML.Bankfraud.ci skipped

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Drmupgds

    Let me know if you deleted those.

    Thanks
    Geri
     
  4. 2008/02/11
    schin

    schin Inactive Thread Starter

    Joined:
    2008/02/05
    Messages:
    18
    Likes Received:
    0
    Removed...

    Geri,

    I removed the Outlook.pst and C:\drgupds directory. I re-ran Kaspersky and it showed 2 fewer viruses. Essentially, the remainder are in the Qoobox directory, SDfix\backup, and the System Volume Information\_restore directory.

    Do I need to clear those out? Or should I just leave them there?
     
  5. 2008/02/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi schin
    OK, good, then let's clean up.

    Click Start > Run, then in the Run box copy and paste or type ComboFix /u and hit Enter to uninstall ComboFix and remove the files/folders it created.

    Then delete
    SDFix.exe

    and this folder.
    C:\SDFix

    Create a new restore point.

    To set a new system restore point for your machine.
    Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista
    Do not do this unless there are no other user accounts to be diagnosed.

    Run ATF Cleaner again and do one more scan at Kaspersky.
    Make sure you come up with,
    Number of viruses found: 0
    Number of infected objects: 0

    Let me know.
    Thanks
    Geri
     
  6. 2008/02/15
    schin

    schin Inactive Thread Starter

    Joined:
    2008/02/05
    Messages:
    18
    Likes Received:
    0
    Thanks!

    Clean bill of health! I think we're good. Now I need to install Comodo and a good Anti-virus. I'll check out other forums for suggestions.

    Thanks soooo much!
     
  7. 2008/02/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi schin

    OK good to hear, I'll mark this one resolved.

    Please look at this link for some preventive recommendations; it could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    Surf Safely. :)
    Geri
     
