Tech Support Forum - View Single Post - Files-Secure has invaded [Moved from IE]

OHgirl0728 · 01-13-2008, 07:00 AM

Here is the Kaspersky report. Wow it looks like there is still a lot to find and delete. I noticed that there were remnants of several things I thought I had already gotten rid of lingering in System Folders.
I will be back with the Hijackthis rept.

Sunday, January 13, 2008 8:54:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/01/2008
Kaspersky Anti-Virus database records: 509889

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 97361
Number of viruses found 19
Number of infected objects 44
Number of suspicious objects 0
Duration of the scan process 01:03:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\MICHAEL\.housecall6.6\Quarantine\DelDrv.exe.bac_a00996 Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped

C:\Documents and Settings\MICHAEL\.housecall6.6\Quarantine\Uninstall Fun Web Products.dll.bac_a00996 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\MICHAEL\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Application Data\AOL OCP\AIM\Storage\data\ohgirl0728\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Temp\~DF546E.tmp Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Temp\~DFDA91.tmp Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Temp\~DFDAA4.tmp Object is locked skipped

C:\Documents and Settings\MICHAEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\MICHAEL\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\MICHAEL\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe/data0011 Infected: not-a-virus:FraudTool.Win32.IeDefender.al skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe PE_Patch.UPX: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100920.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100921.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100922.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100924.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100925.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100926.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100927.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100928.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100929.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100930.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100931.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100932.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100933.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100934.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100935.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100936.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100938.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100939.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100941.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100943.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100944.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100945.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100947.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100948.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100949.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100950.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101160.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101161.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101162.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101163.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101166.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe/data0011 Infected: not-a-virus:FraudTool.Win32.IeDefender.al skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe PE_Patch.UPX: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101192.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP710\A0101258.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP710\A0101259.exe Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP714\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5C9EBD49-54DF-44A8-932D-D3B289167F78}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{CDA51AD5-F296-4B3E-8A2F-B084AB6F6EF4}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_L0GxDZYD5b3nnG1 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_3BeVquteezY8uRq Object is locked skipped

C:\WINDOWS\Temp\mcmsc_7mKAJj7UHGBiqe2 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_NHMdLUZwpZ0NiMf Object is locked skipped

C:\WINDOWS\Temp\mcmsc_RdB3J6lRFffE0tK Object is locked skipped

C:\WINDOWS\Temp\sqlite_76nTn36TviuxyDf Object is locked skipped

C:\WINDOWS\Temp\sqlite_FHRasMM0ps4fhp4 Object is locked skipped

C:\WINDOWS\Temp\sqlite_HHJCyLy99c32FZl Object is locked skipped

C:\WINDOWS\Temp\sqlite_Wchq3umRPnWWAr6 Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

01-13-2008, 07:00 AM	#8 (permalink)
OHgirl0728 Registered User Join Date: Jan 2008 Location: Ohio Posts: 44 OS: WINXP	Re: Files-Secure has invaded [Moved from IE] Here is the Kaspersky report. Wow it looks like there is still a lot to find and delete. I noticed that there were remnants of several things I thought I had already gotten rid of lingering in System Folders. I will be back with the Hijackthis rept. Sunday, January 13, 2008 8:54:30 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 13/01/2008 Kaspersky Anti-Virus database records: 509889 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics Total number of scanned objects 97361 Number of viruses found 19 Number of infected objects 44 Number of suspicious objects 0 Duration of the scan process 01:03:22 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\MICHAEL\.housecall6.6\Quarantine\DelDrv.exe.bac_a00996 Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped C:\Documents and Settings\MICHAEL\.housecall6.6\Quarantine\Uninstall Fun Web Products.dll.bac_a00996 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped C:\Documents and Settings\MICHAEL\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped C:\Documents and Settings\MICHAEL\Cookies\index.dat Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Application Data\AOL OCP\AIM\Storage\data\ohgirl0728\localStorage\common.cls Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Temp\~DF546E.tmp Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Temp\~DFDA91.tmp Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Temp\~DFDAA4.tmp Object is locked skipped C:\Documents and Settings\MICHAEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\MICHAEL\NTUSER.DAT Object is locked skipped C:\Documents and Settings\MICHAEL\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe/data0011 Infected: not-a-virus:FraudTool.Win32.IeDefender.al skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe UPX: infected - 1 skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP698\A0100587.exe PE_Patch.UPX: infected - 1 skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100920.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100921.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100922.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100924.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100925.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100926.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100927.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100928.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100929.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100930.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100931.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100932.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100933.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100934.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100935.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100936.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100938.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100939.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100941.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100943.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100944.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100945.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100947.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100948.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100949.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP705\A0100950.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101160.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101161.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101162.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101163.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101166.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe/data0011 Infected: not-a-virus:FraudTool.Win32.IeDefender.al skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe UPX: infected - 1 skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101179.exe PE_Patch.UPX: infected - 1 skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP708\A0101192.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP710\A0101258.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP710\A0101259.exe Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP714\change.log Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5C9EBD49-54DF-44A8-932D-D3B289167F78}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{CDA51AD5-F296-4B3E-8A2F-B084AB6F6EF4}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\mcafee_L0GxDZYD5b3nnG1 Object is locked skipped C:\WINDOWS\Temp\mcmsc_3BeVquteezY8uRq Object is locked skipped C:\WINDOWS\Temp\mcmsc_7mKAJj7UHGBiqe2 Object is locked skipped C:\WINDOWS\Temp\mcmsc_NHMdLUZwpZ0NiMf Object is locked skipped C:\WINDOWS\Temp\mcmsc_RdB3J6lRFffE0tK Object is locked skipped C:\WINDOWS\Temp\sqlite_76nTn36TviuxyDf Object is locked skipped C:\WINDOWS\Temp\sqlite_FHRasMM0ps4fhp4 Object is locked skipped C:\WINDOWS\Temp\sqlite_HHJCyLy99c32FZl Object is locked skipped C:\WINDOWS\Temp\sqlite_Wchq3umRPnWWAr6 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.