hi Thatman,
i did the things, but i cannot seem to get rid of that one spyware panda scan finds.
here are the logs, pandascan, hjt, rav, bitdefender. Please advise futher.
Incident Status Location
Adware:Adware/PortalScan No disinfected Windows Registry
****************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 10:35:47 PM, on 5/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\T-Mobile USA\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\NOKIAMGR\System32\GCSServer.exe
C:\NOKIAMGR\System32\gcssync.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\System32\CCM\CcmExec.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Network Associates\Common
Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://intranet.attws.comR0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
(no file)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common
Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk =
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: T-Mobile USA VPN Client.lnk = C:\Program
Files\T-Mobile USA\VPN Client\vpngui.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware
remover\apptoport.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet.attws.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall
Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data
Collection Control) -
https://support.micr...ActiveX/odc.cabO16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akama...tall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) -
http://v5.windowsupd...5Controls/en/x86/client/wuweb_site.cab?1114999724148
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall
Control) -
http://a840.g.akamai...ecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline
Control) -
http://www.bitdefend...bitdefender.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan
Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline
Object) -
http://www.ravantivi...n/ravonline.cabO16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -
http://www.alwaysupd...ll/aun_0032.exeO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.c...lls/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
wireless.attws.com
O17 - HKLM\Software\..\Telephony: DomainName = wireless.attws.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
wireless.attws.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =
wireless.attws.com,attws.com,entp.attws.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
wireless.attws.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList =
wireless.attws.com,attws.com,entp.attws.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =
wireless.attws.com,attws.com,entp.attws.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco
Systems, Inc. - C:\Program Files\T-Mobile USA\VPN
Client\cvpnd.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime
Solutions Pty Ltd -
C:\winnt\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime
Solutions Pty Ltd -
C:\winnt\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Nokia GCS (GCSR4) - Nokia -
C:\NOKIAMGR\System32\GCSServer.exe
O23 - Service: Nokia GCS Sync (GCSSYNC) - Nokia -
C:\NOKIAMGR\System32\gcssync.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner -
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) -
Network Associates, Inc. - C:\Program Files\Network
Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network
Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) -
Network Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service
(NPFMntor) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner -
c:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
************************************************************
Scan started at 5/15/2005 1:35:30 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\Rakesh\Application Data\Yahoo!\Mail\attach\xdcc_4.11.zip->searchengines.mrc - IRC/Generic* -> Suspicious
C:\Documents and Settings\Rakesh\Application Data\Yahoo!\Mail\attach\xdcc_4.11[0].zip->searchengines.mrc - IRC/Generic* -> Suspicious
C:\Program Files\mIRC\searchengines.mrc - IRC/Generic* -> Suspicious
Scanned
============================
Objects: 40209
Directories: 4675
Archives: 8483
Size(Kb): -914176
Infected files: 0
Found
============================
Viruses found: 0
Suspicious files: 3
Disinfected files: 0
Mail files: 382
*****************************************************************
C:\Obinst\rem_old.bat: suspect BAT.Delete
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
C:\Program Files\Norton AntiVirus\Quarantine\006859D3.exe=>(Quarantine-2): infected with Win32.Agent.NN
C:\Program Files\Norton AntiVirus\Quarantine\09C34AF7.exe=>(Quarantine-2): infected with BehavesLike:Win32.ExplorerHijack
C:\Program Files\Norton AntiVirus\Quarantine\0BF815D2.exe=>(Quarantine-2): infected with BehavesLike:Win32.ExplorerHijack
C:\Program Files\Norton AntiVirus\Quarantine\12763C27.exe=>(Quarantine-2): infected with Trojan.Downloader.Agent.JQ
C:\Program Files\Norton AntiVirus\Quarantine\279C28E1.exe=>(Quarantine-2): infected with Adware.POP.dl
C:\Program Files\Norton AntiVirus\Quarantine\279F52DE.IE5=>(Quarantine-2): infected with Trojan.Downloader.Agent.LG
C:\Program Files\Norton AntiVirus\Quarantine\27AF24CC.exe=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.L
C:\Program Files\Norton AntiVirus\Quarantine\27B922C1.exe=>(Quarantine-2): infected with Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\27C076BA.exe=>(Quarantine-2): infected with BehavesLike:Win32.ExplorerHijack
C:\Program Files\Norton AntiVirus\Quarantine\27C64AB2.dat=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.L
C:\Program Files\Norton AntiVirus\Quarantine\27CA74AF.exe=>(Quarantine-2): infected with Trojan.Downloader.VB.EU
C:\Program Files\Norton AntiVirus\Quarantine\27DA469D.exe=>(Quarantine-2): infected with BehavesLike:Win32.ExplorerHijack
C:\Program Files\Norton AntiVirus\Quarantine\27DD7099.cpl=>(Quarantine-2): infected with Trojan.Dropper.Small.WC
C:\Program Files\Norton AntiVirus\Quarantine\27DD7099.ocx=>(Quarantine-2): infected with Trojan.Downloader.Agent.EX
C:\Program Files\Norton AntiVirus\Quarantine\2F0F3FD5.exe=>(Quarantine-2): infected with Trojan.Downloader.Agent.LG
C:\Program Files\Norton AntiVirus\Quarantine\3A1F59A6.exe=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.L
C:\Program Files\Norton AntiVirus\Quarantine\3A28579B.dat=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.L
C:\Program Files\Norton AntiVirus\Quarantine\3A28579B.exe=>(Quarantine-2): infected with Trojan.Betterinternet.W
C:\Program Files\Norton AntiVirus\Quarantine\3A2F2B94.exe=>(Quarantine-2): infected with Trojan.Downloader.Agent.LG
C:\Program Files\Norton AntiVirus\Quarantine\3A9F7BD4.exe=>(Quarantine-2): infected with Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\542A664C.exe=>(Quarantine-2): infected with Trojan.Hpt.J
C:\Program Files\Norton AntiVirus\Quarantine\5D502FD0.EXE=>(Quarantine-2): infected with Trojan.Dropper.SurfSide.A
C:\Program Files\Norton AntiVirus\Quarantine\5FE41444.exe=>(Quarantine-2): infected with Dropped:Trojan.Downloader.Small.ABD
C:\Program Files\Norton AntiVirus\Quarantine\72B51FC7.exe=>(Quarantine-2): infected with Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\747127CD.exe=>(Quarantine-2): infected with Dropped:Application.ProcKill.Jk
C:\Program Files\Norton AntiVirus\Quarantine\78AC6CC1.exe=>(Quarantine-2): infected with Virtool.HiddenRun.B
C:\Program Files\Norton AntiVirus\Quarantine\78ED65C3.exe=>(Quarantine-2): infected with Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\79086740.exe=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.I
C:\Program Files\Norton AntiVirus\Quarantine\790B113D.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton AntiVirus\Quarantine\790E3B39.exe=>(Quarantine-2): infected with BehavesLike:Win32.ExplorerHijack
C:\Program Files\Norton AntiVirus\Quarantine\79150F32.dll=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.I
C:\Program Files\Norton AntiVirus\Quarantine\7918392E.dat=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.L
C:\Program Files\Norton AntiVirus\Quarantine\7E320EF9.exe=>(Quarantine-2): infected with Trojan.Downloader.Qoologic.I
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_inst32i.ex_: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>setup.lid: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>setup.ins: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>Setup.ini: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>Setup.exe: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>setup.bmp: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>os.dat: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>layout.bin: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>lang.dat: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>data1.hdr: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>data1.cab: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>Data.tag: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_user1.hdr: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_user1.cab: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_sys1.hdr: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_sys1.cab: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_Setup.dll: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>_ISDel.exe: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 1.0.zip=>vssver.scc: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>data1.cab: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>data1.hdr: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>data2.cab: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>ikernel.ex_: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>layout.bin: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>setup.bmp: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>Setup.exe: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>Setup.ini: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>setup.inx: password protected
C:\Rakesh\burn\BTS-Nokia-Operation\Nokia\Nokia Software\PSM Manager\PSM Manager 2.0\PSMMan+2_0_00+[1+of+2].zip=>vssver.scc: password protected
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0156999.exe: infected with Trojan.Downloader.Qoologic.I
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157000.exe: infected with Trojan.Downloader.Qoologic.I
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157001.exe: infected with Trojan.StartPage.NK
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157002.exe: infected with BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157003.exe: infected with BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157005.dll: infected with Trojan.Downloader.Qoologic.I
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157009.exe: infected with Trojan.ServU.G
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157018.dll: infected with Trojan.Downloader.Qoologic.I
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP436\A0157019.exe: infected with Trojan.Downloader.Qoologic.I
C:\System Volume Information\_restore{EC198C9B-8BC5-41A3-8DC3-11FC9CB4E672}\RP437\A0157381.exe: infected with Dropped:Trojan.Clicker.Small.EZ
C:\WINNT\system32\Cache\dist006.exe: infected with Dropped:Trojan.Downloader.VB.EU
--Taps