Search Navipromo version 3.6.6 began on 12/10/2008 at 18:07:14,88

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "MANUEL1" 

Updated on 29.09.2008 at 17h30 by IL-MAFIOSO

Microsoft Windows Vista 6.0.6001 
Version Internet Explorer : 7.0.6001.18000
Filesystem type : NTFS

Search done in safe mode

*** Searching for installed Software ***


*** Search folders in "C:\Windows" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Search folders in "C:\ProgramData" ***


*** Search folders in "c:\users\manuel1\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Search folders in "C:\Users\MANUEL1\AppData\Local\virtualstore\Program Files" ***


*** Search folders in "C:\Users\MANUEL1\AppData\Roaming" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\Windows\system32" *

* Scan in "C:\Users\MANUEL1\AppData\Local\Microsoft" *

* Scan in "C:\Users\MANUEL1\AppData\Local" *



*** Search files *** 



*** Search specific Registry keys ***

HKEY_CURRENT_USER\Software\Lanconfig found ! 

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\Windows\system32" :


* In "C:\Users\MANUEL1\AppData\Local\Microsoft" :


* In "C:\Users\MANUEL1\AppData\Local" :

cyqsy.dat found !
cyqsy_nav.dat found !
cyqsy_navps.dat found !

3)Certificates Search :

Egroup certificate found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on 12/10/2008 at 18:17:26,50 ***

Navipromo Removal version 3.6.6 started on 12/10/2008 at 18:22:18,22

Fix running from C:\Program Files\navilog1
Actual User Account : "MANUEL1" 

Updated on 29.09.2008 at 17h30 by IL-MAFIOSO

Microsoft Windows Vista 6.0.6001 
Internet Explorer : 7.0.6001.18000
Filesystem type : NTFS

Automatic removal 
with Catchme and GNS results


Cleanning stage done in safe mode

 
*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)
 

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\Windows\System32" *


* Deletion in "C:\Users\MANUEL1\AppData\Local\Microsoft" *


* Deletion in "C:\Users\MANUEL1\AppData\Local" *



*** Deleting folders in "C:\Windows" ***


*** Deleting folders in "C:\Program Files" ***


*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Deleting folders in "C:\ProgramData" ***


*** Deleting folders in c:\users\manuel1\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Deleting folders in "C:\Users\MANUEL1\AppData\Local\virtualstore\Program Files" ***


*** Deleting folders in "C:\Users\MANUEL1\AppData\Roaming" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\Windows\Temp done !
Cleaning of C:\Users\MANUEL1\AppData\Local\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\Windows\system32" *


* In "C:\Users\MANUEL1\AppData\Local\Microsoft" *


* In "C:\Users\MANUEL1\AppData\Local" *


cyqsy.dat found ! 
Copy cyqsy.dat done !
cyqsy.dat deleted !

cyqsy_nav.dat found ! 
Copy cyqsy_nav.dat done !
cyqsy_nav.dat deleted !

cyqsy_navps.dat found ! 
Copy cyqsy_navps.dat done !
cyqsy_navps.dat deleted !


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate deleted !
Electronic-Group Certificate deleted !
Montorgueil Certificate not found !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !


*** Cleaning stage complete on 12/10/2008 at 18:23:09,14 ***

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-12 20:07:07
PROTECTIONS: 2
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Windows Defender                             1.1.4005.0                    No        Yes
Norton Antivirus Internet Security 2008      15.0.0.58                     No        No
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\Program Files\Navilog1\Process.exe
03603149  Generic Worm                       Virus/Worm          No        0         Yes            Yes          C:\Users\MANUEL1\Documents\UTILIDADES\TuneUp Utilities 2008 7.0.7992\TuneUp Utilities 2008 7.0.7992 Keymaker.exe
03696341  Trj/Ldpinch.WE                     Virus/Trojan        No        1         Yes            Yes          C:\Users\MANUEL1\Desktop\Manuel\Musica Manuel\Melendi - Curiosa la cara de tu padre (Nuevo 2008)\Curiosa la cara de tu padre (2008).exe
03738686  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\Program Files\Navilog1\catchme.exe
03738695  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\Users\MANUEL1\Documents\UTILIDADES\Nero 8.1.1.0b ESP Ultra  Edition +Seriales+Plantillas\keygen\keygen.exe
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              �8w
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                �8w
;===================================================================================================================================================================================
;===================================================================================================================================================================================

File/Folder C:\Users\MANUEL1\Documents\UTILIDADES\TuneUp Utilities 2008 7.0.7992\TuneUp Utilities 2008 7.0.7992 Keymaker.exe not found.
File/Folder "C:\Users\MANUEL1\Desktop\Manuel\Musica Manuel\Melendi - Curiosa la cara de tu padre (Nuevo 2008)\Curiosa la cara de tu padre (2008).exe" not found.
Folder move failed. C:\Program Files\Navilog1\Safebackup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Contents scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Backupnavi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1 scheduled to be moved on reboot.
File/Folder C:\Users\MANUEL1\Documents\UTILIDADES\Nero 8.1.1.0b ESP Ultra  Edition +Seriales+Plantillas\keygen\keygen.exe not found.
< EmptyTemp  >
File delete failed. C:\Users\MANUEL1\AppData\Local\Temp\etilqs_wgnAphktcygKsNhKoywC scheduled to be deleted on reboot.
File delete failed. C:\Users\MANUEL1\AppData\Local\Temp\~DF407D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\MANUEL1\AppData\Local\Temp\~DF409E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\MANUEL1\AppData\Local\Temp\~DFC8BC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\MANUEL1\AppData\Local\Temp\~DFC923.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity  >
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10122008_221122

Files moved on Reboot...
Folder move failed. C:\Program Files\Navilog1\Safebackup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Contents scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Backupnavi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Safebackup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Contents scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Backupnavi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1 scheduled to be moved on reboot.
File C:\Users\MANUEL1\AppData\Local\Temp\etilqs_wgnAphktcygKsNhKoywC not found!
File C:\Users\MANUEL1\AppData\Local\Temp\~DF407D.tmp not found!
File C:\Users\MANUEL1\AppData\Local\Temp\~DF409E.tmp not found!
File C:\Users\MANUEL1\AppData\Local\Temp\~DFC8BC.tmp not found!
File C:\Users\MANUEL1\AppData\Local\Temp\~DFC923.tmp not found!