Was still blank, so I want you to look through it.

Open it up in Notepad

Hit ctrl + F (type infected) Click next as it goes down the list finding lines with infected in them copy and paste the infected lines into a 2nd Notepad

or

Delete all the lines except for the ones that say infected


We need to also look and see what is making the log so long, there is usually one folder that will do this to a log

Ummm...what you're asking for is exactly what I did about 3 messages ago. Every line that I included in kaspersky2.txt has the word "infected" in it (and then I cut n pasted the info from the top of the report in because I thought it might also be helpful). All the other thousands of lines that I left out say "File is locked - skipped".

I don't know why the emails are going through blank but I'd assume it's my email provider doing something.... I don't think they allow attachments of over 1GB.

Annnnnnnyways....I can tell you that 99% of the lines in the report are indicating files on my C: drive, which is XP Home, which I never use anymore. For some reason it seems nearly everything on C: somehow got locked. Does it have anything to do with it being a dual-boot system? There are hardly any files on G:, H:, Q: or T: that are locked - and all four of these drive letters are located on the same physical drive, whereas C: is on a separate physical drive.

If a line says Object is locked, that means that kaspersky didn't find an infection there, I skip all these

if it says "infected XXXXXXXX skipped" then it found an infection there

Right. So....?

Check the kaspersky2.txt file about 5 messages back and you will see all the ones that indicate "infected".

I just saw the log in the other post and will work from that.

Most of it is in backups and Quarantine folders will post back shortly

Did you install the VNC program, its a remote administration program where others can access your system and have control over your mouse ect.

I know! I indicated that most of them were in backups and quarantines in message #17 of this thread as well. But there is a Pakes virus and a couple other things.

VNC - I installed it, I use it to remote in from home. Well aware of RealVNC, TightVNC and Remote Desktop all being on my machine.

Perfect. I am working a number of logs and didn't re-read the thread, sorry

CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

----------------------------------------------------------------------------------------
We should also clean up temp files and cache at this point

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

--------------------------------------------------------------------------------'

Manually clear cache

• Open an Explorer folder window (for example, double-click My Computer).
• From the Explorer menu select Tools | Folder Options | View. Make sure that you have checked the box next to "Show hidden files and folders" and uncheck "Hide protected operating system files".
• Start Internet Explorer and click Tools | Internet Options | General tab | Settings | View Files.
• IE should have opened up a folder window, typically viewing a folder with the name of C:\Windows\Temporary Internet Files. Put your cursor in the Address area of the folder window and add the name \content.ie5 to the name, so in our example the Address bar would now read c:\Windows\Temporary Internet Files\content.ie5.
• You should see a series of folders with random eight-character names like ADOZMZS1. Delete each of these randomly named folders. You may get an error that some files are in use, this is normal if you are currently at a web site since those files are in the cache. Hold down the Shift key when deleting the files so they do not go to the Recycle Bin.