Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help with problem from nail.exe [RESOLVED]

Started by mccartj4 , Sep 30 2005 06:15 AM

  • This topic is locked This topic is locked

#31
Dragon
Posted 20 October 2005 - 07:40 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
great job :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

Advertisements

#32
Dragon
Posted 20 October 2005 - 08:12 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#33
Dragon
Posted 23 October 2005 - 11:09 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
reopened per request.
  • 0

#34
mccartj4
Posted 25 October 2005 - 05:01 AM

mccartj4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is the new HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 9:25:31 PM, on 10/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support\DSBrws.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Documents\geeksToGoDownloads\KayceeLogFiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mailredirect.netscape.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...74/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust...er/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127784665130
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127788431890
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://209.113.157.2...sCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,15/mcgdmgr.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...erizonYahoo.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is the Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 25, 2005 06:56:17
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/10/2005
Kaspersky Anti-Virus database records: 156133
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 85532
Number of viruses found: 36
Number of infected objects: 121
Number of suspicious objects: 0
Duration of the scan process: 3975 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Kaycee\Local Settings\Temporary Internet Files\Content.IE5\QUJUR23X\ibar[1].js Infected: Trojan-Downloader.JS.IstBar.ad
C:\Documents and Settings\Kaycee\Local Settings\Temporary Internet Files\Content.IE5\QUJUR23X\ysb_prompt[1].html Infected: Trojan-Downloader.JS.IstBar.j
C:\Program Files\Norton AntiVirus\Quarantine\02F90172 Infected: not-a-virus:AdWare.Win32.EliteBar.af
C:\Program Files\Norton AntiVirus\Quarantine\0300556B Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\Program Files\Norton AntiVirus\Quarantine\058C6A32 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\Program Files\Norton AntiVirus\Quarantine\05F2603A.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\06585641.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\08032057 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\09434049 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\10641245 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\Program Files\Norton AntiVirus\Quarantine\111C2631 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\11821C38 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\150D07B1 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\169415DF.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\Program Files\Norton AntiVirus\Quarantine\1CAC622F Infected: Trojan-Clicker.Win32.Small.et
C:\Program Files\Norton AntiVirus\Quarantine\1D125837 Infected: not-a-virus:AdWare.Win32.WebSearch.d
C:\Program Files\Norton AntiVirus\Quarantine\22EA034B Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\283D1E2E Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\28A31436 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\28DD66DE Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\29090A3D Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\2A6E7DA4 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\318E4FA0 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\31DA2E5A Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\Program Files\Norton AntiVirus\Quarantine\32E87062 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\32F92A9F Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\32F92A9F.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\32FD549C Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\33007E98 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33032894 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\Program Files\Norton AntiVirus\Quarantine\33032894.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33075291.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\330A7C8D Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\330D268A Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\330D268A.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33105086 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33147A82 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33147A82.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\3317247F Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\331A4E7B Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\331D7878/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\Program Files\Norton AntiVirus\Quarantine\331D7878 Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\Program Files\Norton AntiVirus\Quarantine\331D7878.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33212274 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Program Files\Norton AntiVirus\Quarantine\33244C70 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\33244C70.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\3327766D Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\332A2069 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\332A2069.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\332E4A66 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\33317462 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33341E5E Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\3338485B Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\333B7257 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\333E1C54 Infected: not-a-virus:AdWare.Win32.BHO.l
C:\Program Files\Norton AntiVirus\Quarantine\33414650.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\33414650.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\33414650.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\3345704D Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Norton AntiVirus\Quarantine\334B4445 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\334E6E42 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\3352183E Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\3355423B Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33586C37 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\Program Files\Norton AntiVirus\Quarantine\335B1633 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\Program Files\Norton AntiVirus\Quarantine\335B1633.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33626A2C Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33651429.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33683E25 Infected: Trojan-Clicker.Win32.Small.et
C:\Program Files\Norton AntiVirus\Quarantine\33683E25.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\Program Files\Norton AntiVirus\Quarantine\336C6821.exe Infected: Trojan-Dropper.Win32.Small.wc
C:\Program Files\Norton AntiVirus\Quarantine\336C6821.ocx Infected: Trojan-Downloader.Win32.Agent.ex
C:\Program Files\Norton AntiVirus\Quarantine\33935FF6.dat Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33935FF6.exe Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\339D5DEB.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\Program Files\Norton AntiVirus\Quarantine\339D5DEB.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\339D5DEB.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\33A007E8.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\33A007E8.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\33A331E4.dll Infected: Trojan-Downloader.Win32.Qoologic.q
C:\Program Files\Norton AntiVirus\Quarantine\34335034 Infected: Trojan-Downloader.Win32.VB.eu
C:\Program Files\Norton AntiVirus\Quarantine\3499463C Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\Program Files\Norton AntiVirus\Quarantine\34FF3C43 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\38A5729A Infected: Trojan-Clicker.Win32.Small.et
C:\Program Files\Norton AntiVirus\Quarantine\3FC30C33 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\3FCE7398 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\402A023A Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\40907842 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\Program Files\Norton AntiVirus\Quarantine\4B395983 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\4BBA3E39 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\4C203440/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\4C203440 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\4E0F178F Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\552F698B Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\56E40430 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\574A7A38 Infected: Trojan-Downloader.Win32.VB.eu
C:\Program Files\Norton AntiVirus\Quarantine\59D85EF7 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\5D1F504C Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\5D42013C.exe Infected: Trojan-Downloader.Win32.Mediket.ag
C:\Program Files\Norton AntiVirus\Quarantine\5E825462.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.l
C:\Program Files\Norton AntiVirus\Quarantine\63412C3E Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\69F634FE Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\6A5C1ED2 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\6E6B7235.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\6E6B7235.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\6E6B7235.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\73E24A56 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\7995382C.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\79FB2E33.cab/Belt.exe Infected: Trojan-Downloader.Win32.Stubby.a
C:\Program Files\Norton AntiVirus\Quarantine\79FB2E33.cab Infected: Trojan-Downloader.Win32.Stubby.a
C:\Program Files\Norton AntiVirus\Quarantine\7A61243B Infected: Trojan-Clicker.Win32.Small.ez
C:\Program Files\Norton AntiVirus\Quarantine\7A61243B.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7AC71A43 Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7B031C52 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\Program Files\Norton AntiVirus\Quarantine\7EBF5F3D.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7EC2093A.dat Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7EC2093A.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\Program Files\Norton AntiVirus\Quarantine\7F604167.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1006\Dc7.cab/eied_s7_c_7.exe Infected: Trojan-Downloader.Win32.Mediket.ag
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1006\Dc7.cab Infected: Trojan-Downloader.Win32.Mediket.ag
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1006\Dc8.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao

Scan process completed.
  • 0

#35
Dragon
Posted 25 October 2005 - 06:57 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
well from looking at the logs it appears that your quarantine files never got emptied on Norton.

To remove Norton AntiVirus 2005 files from quarantine1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
2. In the left pane, click Reports.
3. Click View Quarantined Items.
4. In the right pane, select the files that you want to remove.
To select multiple items, press and hold down the Ctrl key while clicking the items that you want to select for deletion. To select everything in Quarantine, click the first item in the list, and then press Shift+End.
5. Click Delete Item.
6. When prompted "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
7. Close the Quarantine window, and then exit Norton AntiVirus.
Next,
we need to clean the temporary internet files out. easiest way to do this as follows. plus it will do some extra cleaning to your system.

click on start>programs>accesories>system tools>disk cleanup make sur everything is checked and hit ok. This may take a while to run so please be patient.

then run a new Kaspersky online scan and post the log here.

Edited by Efwis, 25 October 2005 - 06:58 AM.

  • 0

#36
mccartj4
Posted 25 October 2005 - 04:25 PM

mccartj4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
There were no Norton Quarantine files to delete. I deleted the temporary internet files and here is the latest Kaspersky scan report:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 25, 2005 18:22:36
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/10/2005
Kaspersky Anti-Virus database records: 156300
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79312
Number of viruses found: 35
Number of infected objects: 118
Number of suspicious objects: 0
Duration of the scan process: 3086 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\02F90172 Infected: not-a-virus:AdWare.Win32.EliteBar.af
C:\Program Files\Norton AntiVirus\Quarantine\0300556B Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\Program Files\Norton AntiVirus\Quarantine\058C6A32 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\Program Files\Norton AntiVirus\Quarantine\05F2603A.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\06585641.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\08032057 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\09434049 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\10641245 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\Program Files\Norton AntiVirus\Quarantine\111C2631 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\11821C38 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\150D07B1 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\169415DF.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\Program Files\Norton AntiVirus\Quarantine\1CAC622F Infected: Trojan-Clicker.Win32.Small.et
C:\Program Files\Norton AntiVirus\Quarantine\1D125837 Infected: not-a-virus:AdWare.Win32.WebSearch.d
C:\Program Files\Norton AntiVirus\Quarantine\20372A40.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\Program Files\Norton AntiVirus\Quarantine\22EA034B Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\283D1E2E Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\28A31436 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\28DD66DE Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\29090A3D Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\2A6E7DA4 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\318E4FA0 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\31DA2E5A Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\Program Files\Norton AntiVirus\Quarantine\32E87062 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\32F92A9F Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\32F92A9F.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\32FD549C Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\33007E98 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33032894 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\Program Files\Norton AntiVirus\Quarantine\33032894.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33075291.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\330A7C8D Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\330D268A Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\330D268A.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33105086 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33147A82 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33147A82.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\3317247F Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\331A4E7B Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\331D7878/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\Program Files\Norton AntiVirus\Quarantine\331D7878 Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\Program Files\Norton AntiVirus\Quarantine\331D7878.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33212274 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Program Files\Norton AntiVirus\Quarantine\33244C70 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\33244C70.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\3327766D Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\332A2069 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\332A2069.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\332E4A66 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\33317462 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33341E5E Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\3338485B Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\333B7257 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\333E1C54 Infected: not-a-virus:AdWare.Win32.BHO.l
C:\Program Files\Norton AntiVirus\Quarantine\33414650.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\33414650.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\33414650.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\3345704D Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Norton AntiVirus\Quarantine\334B4445 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\334E6E42 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\3352183E Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\3355423B Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33586C37 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\Program Files\Norton AntiVirus\Quarantine\335B1633 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\Program Files\Norton AntiVirus\Quarantine\335B1633.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33626A2C Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\33651429.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33683E25 Infected: Trojan-Clicker.Win32.Small.et
C:\Program Files\Norton AntiVirus\Quarantine\33683E25.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\Program Files\Norton AntiVirus\Quarantine\336C6821.exe Infected: Trojan-Dropper.Win32.Small.wc
C:\Program Files\Norton AntiVirus\Quarantine\336C6821.ocx Infected: Trojan-Downloader.Win32.Agent.ex
C:\Program Files\Norton AntiVirus\Quarantine\33935FF6.dat Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\33935FF6.exe Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\339D5DEB.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\Program Files\Norton AntiVirus\Quarantine\339D5DEB.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\339D5DEB.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\33A007E8.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\33A007E8.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\33A331E4.dll Infected: Trojan-Downloader.Win32.Qoologic.q
C:\Program Files\Norton AntiVirus\Quarantine\34335034 Infected: Trojan-Downloader.Win32.VB.eu
C:\Program Files\Norton AntiVirus\Quarantine\3499463C Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\Program Files\Norton AntiVirus\Quarantine\34FF3C43 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\38A5729A Infected: Trojan-Clicker.Win32.Small.et
C:\Program Files\Norton AntiVirus\Quarantine\3FC30C33 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\3FCE7398 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\402A023A Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\40907842 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\Program Files\Norton AntiVirus\Quarantine\4B395983 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\4BBA3E39 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\4C203440/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\4C203440 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Norton AntiVirus\Quarantine\4E0F178F Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\552F698B Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\56E40430 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\574A7A38 Infected: Trojan-Downloader.Win32.VB.eu
C:\Program Files\Norton AntiVirus\Quarantine\59D85EF7 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\Program Files\Norton AntiVirus\Quarantine\5D1F504C Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\5D42013C.exe Infected: Trojan-Downloader.Win32.Mediket.ag
C:\Program Files\Norton AntiVirus\Quarantine\5E825462.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.l
C:\Program Files\Norton AntiVirus\Quarantine\63412C3E Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\69F634FE Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\6A5C1ED2 Infected: Trojan.Win32.Agent.cp
C:\Program Files\Norton AntiVirus\Quarantine\6E6B7235.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\6E6B7235.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\6E6B7235.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\73E24A56 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\7995382C.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\79FB2E33.cab/Belt.exe Infected: Trojan-Downloader.Win32.Stubby.a
C:\Program Files\Norton AntiVirus\Quarantine\79FB2E33.cab Infected: Trojan-Downloader.Win32.Stubby.a
C:\Program Files\Norton AntiVirus\Quarantine\7A61243B Infected: Trojan-Clicker.Win32.Small.ez
C:\Program Files\Norton AntiVirus\Quarantine\7A61243B.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7AC71A43 Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7B031C52 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\Program Files\Norton AntiVirus\Quarantine\7EBF5F3D.asq Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7EC2093A.dat Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\7EC2093A.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\Program Files\Norton AntiVirus\Quarantine\7F604167.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000248.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao

Scan process completed.
  • 0

#37
Dragon
Posted 25 October 2005 - 05:09 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
ok, while I research this further, could you please login under every screenname on the system and make sure the quarantine files are empty.
could you also please navigate to the following folder using My computer and delete all entries in it.

C:\Program Files\Norton AntiVirus\Quarantine

Don't delete the folder itself, just the contents in it.


I'm thinking that Kaspersky is hitting a quarantine file from another sign in screen.


after that is done if you would let me know if one of them did have files in the quarantine. hopefully by then, if not sooner I will have my next plan of attack figured out.
  • 0

#38
mccartj4
Posted 25 October 2005 - 06:22 PM

mccartj4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
There were no quarantined files reported by Norton in anyone's sign on. I have not manually run the Norton Antivirus Scan under anyone else's sign on. I don't know if that makes any difference or not. I deleted all of the files in the Norton Quarantine folder. I did not delete the two folders in there called Incoming and Portal. There was nothing in those two folders.

There are 6 sign ons on this computer. Besides the Huntbar problem going on with my daughter's sign on, I got the following Microsoft AntiSyware alert on three other sign ons(my other daughter's sign on, my wife's sign on, and one of my son's sign ons): IBIS TOOLBAR ADWARE is trying to install.
  • 0

#39
Dragon
Posted 25 October 2005 - 06:43 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
ok, here comes the not so fun part, we need to run Kaspersky online scan on everyone of the sign ons that antispyware reported the install attempt. I would like to see those logs afterwards.
Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode, you must be signed on as the administrator

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

Edited by Efwis, 25 October 2005 - 06:44 PM.

  • 0

#40
mccartj4
Posted 26 October 2005 - 11:38 AM

mccartj4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
There are 4 sign ons getting things trying to install that Microsoft AntiSpy is blocking. One is Huntbar which is where we started with Daughter#1. Daughter#2, Son#1, and my wife are all getting the IBIS Toolbar Adware problem. I have previously posted the Kaspersky scan for Daughter#1. My sign on and Son#2's sign on seem to be trouble free. Here are the Kaspersky scans for the others:

Daughter#2:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 26, 2005 08:07:08
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/10/2005
Kaspersky Anti-Virus database records: 156349
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79845
Number of viruses found: 36
Number of infected objects: 119
Number of suspicious objects: 0
Duration of the scan process: 3882 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc1 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc10/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc10 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc100 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc101 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc102.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc103.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc104 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc105 Infected: Trojan-Downloader.Win32.Agent.ed
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc106 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc108.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc109 Infected: Trojan-Downloader.Win32.VB.eu
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc11 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc110 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc12 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc13.exe Infected: Trojan-Downloader.Win32.Mediket.ag
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc14.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc15.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc16 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc18 Infected: Trojan-Clicker.Win32.Small.ez
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc19.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc2 Infected: not-a-virus:AdWare.Win32.WebSearch.d
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc20 Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc21 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc22.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc23.dat Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc24.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc25.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc26 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc27 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc28 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc29 Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc3 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc30 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc31 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc32.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc33 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc34.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc34.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc35.dll Infected: Trojan-Downloader.Win32.Qoologic.q
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc36 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc37 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc38 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc39 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc4 Infected: not-a-virus:AdWare.Win32.EliteBar.af
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc40 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc41 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc42 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc43.cab/Belt.exe Infected: Trojan-Downloader.Win32.Stubby.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc43.cab Infected: Trojan-Downloader.Win32.Stubby.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc44 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc45 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc46 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc47 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc48 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc49 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc50.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc51 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc52/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc52 Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc53.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc54 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc55.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc56 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc57 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc58 Infected: not-a-virus:AdWare.Win32.BHO.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc59 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc6 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc60 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc61 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc62.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc63.exe Infected: Trojan-Dropper.Win32.Small.wc
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc64.ocx Infected: Trojan-Downloader.Win32.Agent.ex
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc65.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc66.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc66.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc67 Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc68 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc69 Infected: Trojan-Downloader.Win32.VB.eu
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc7 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc70 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc71.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc72 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc73 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc74 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc75.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc76 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc77.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc78 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc79 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc8 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc80 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc81 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc82.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc83.dat Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc84.exe Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc85 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc86.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc87 Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc88 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc89 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc9 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc90 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc91 Infected: Trojan-Clicker.Win32.Delf.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc92 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc94 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc95 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc96.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc97.exe Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc98 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc99 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000248.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001225.exe Infected: Trojan-Dropper.Win32.Small.pv

Scan process completed.

Son#1:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 25, 2005 22:38:58
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/10/2005
Kaspersky Anti-Virus database records: 156312
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79612
Number of viruses found: 36
Number of infected objects: 119
Number of suspicious objects: 0
Duration of the scan process: 4030 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc1 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc10/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc10 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc100 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc101 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc102.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc103.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc104 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc105 Infected: Trojan-Downloader.Win32.Agent.ed
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc106 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc108.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc109 Infected: Trojan-Downloader.Win32.VB.eu
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc11 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc110 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc12 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc13.exe Infected: Trojan-Downloader.Win32.Mediket.ag
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc14.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc15.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc16 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc18 Infected: Trojan-Clicker.Win32.Small.ez
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc19.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc2 Infected: not-a-virus:AdWare.Win32.WebSearch.d
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc20 Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc21 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc22.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc23.dat Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc24.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc25.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc26 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc27 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc28 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc29 Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc3 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc30 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc31 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc32.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc33 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc34.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc34.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc35.dll Infected: Trojan-Downloader.Win32.Qoologic.q
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc36 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc37 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc38 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc39 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc4 Infected: not-a-virus:AdWare.Win32.EliteBar.af
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc40 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc41 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc42 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc43.cab/Belt.exe Infected: Trojan-Downloader.Win32.Stubby.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc43.cab Infected: Trojan-Downloader.Win32.Stubby.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc44 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc45 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc46 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc47 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc48 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc49 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc50.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc51 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc52/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc52 Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc53.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc54 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc55.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc56 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc57 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc58 Infected: not-a-virus:AdWare.Win32.BHO.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc59 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc6 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc60 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc61 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc62.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc63.exe Infected: Trojan-Dropper.Win32.Small.wc
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc64.ocx Infected: Trojan-Downloader.Win32.Agent.ex
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc65.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc66.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc66.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc67 Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc68 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc69 Infected: Trojan-Downloader.Win32.VB.eu
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc7 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc70 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc71.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc72 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc73 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc74 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc75.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc76 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc77.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc78 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc79 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc8 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc80 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc81 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc82.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc83.dat Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc84.exe Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc85 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc86.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc87 Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc88 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc89 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc9 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc90 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc91 Infected: Trojan-Clicker.Win32.Delf.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc92 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc94 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc95 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc96.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc97.exe Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc98 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc99 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000248.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001225.exe Infected: Trojan-Dropper.Win32.Small.pv

Scan process completed.

Wife:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 26, 2005 06:19:13
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/10/2005
Kaspersky Anti-Virus database records: 156314
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79694
Number of viruses found: 36
Number of infected objects: 119
Number of suspicious objects: 0
Duration of the scan process: 3423 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc1 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc10/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc10 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc100 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc101 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc102.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc103.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc104 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc105 Infected: Trojan-Downloader.Win32.Agent.ed
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc106 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc107.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc108.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc109 Infected: Trojan-Downloader.Win32.VB.eu
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc11 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc110 Infected: Trojan-Downloader.Win32.Qoologic.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc12 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc13.exe Infected: Trojan-Downloader.Win32.Mediket.ag
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc14.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc15.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc16 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc17.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc18 Infected: Trojan-Clicker.Win32.Small.ez
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc19.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc2 Infected: not-a-virus:AdWare.Win32.WebSearch.d
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc20 Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc21 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.i
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc22.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc23.dat Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc24.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc25.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc26 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc27 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc28 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc29 Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc3 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc30 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc31 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc32.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc33 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc34.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc34.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc35.dll Infected: Trojan-Downloader.Win32.Qoologic.q
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc36 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc37 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc38 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc39 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc4 Infected: not-a-virus:AdWare.Win32.EliteBar.af
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc40 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc41 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc42 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc43.cab/Belt.exe Infected: Trojan-Downloader.Win32.Stubby.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc43.cab Infected: Trojan-Downloader.Win32.Stubby.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc44 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc45 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc46 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc47 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc48 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc49 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc50.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc51 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc52/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc52 Infected: not-a-virus:AdWare.Win32.VirtualBouncer
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc53.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc54 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc55.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc56 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc57 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc58 Infected: not-a-virus:AdWare.Win32.BHO.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc59 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc6 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc60 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc61 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc62.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc63.exe Infected: Trojan-Dropper.Win32.Small.wc
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc64.ocx Infected: Trojan-Downloader.Win32.Agent.ex
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc65.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc66.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc66.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc67 Infected: Trojan-Downloader.Win32.Apropo.u
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc68 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc69 Infected: Trojan-Downloader.Win32.VB.eu
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc7 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc70 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc71.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc72 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc73 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc74 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc75.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc76 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc77.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc78 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc79 Infected: not-a-virus:AdWare.Win32.CoolBar.a
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc8 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc80 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc81 Infected: Trojan-Clicker.Win32.Small.et
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc82.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc83.dat Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc84.exe Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc85 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc86.exe Infected: Trojan-Downloader.Win32.Agent.oa
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc87 Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc88 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc89 Infected: Trojan.Win32.Agent.db
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc9 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc90 Infected: Trojan-Downloader.Win32.Qoologic.l
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc91 Infected: Trojan-Clicker.Win32.Delf.r
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc92 Infected: Trojan-Downloader.Win32.Qoologic.p
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc94 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc95 Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc96.asq Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc97.exe Infected: Trojan.Win32.Pakes
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc98 Infected: Trojan.Win32.Agent.cp
C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008\Dc99 Infected: Trojan-Downloader.Win32.Qoologic.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000248.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001225.exe Infected: Trojan-Dropper.Win32.Small.pv

Scan process completed.


Here is the results of WinPFind.txt:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 7/6/2005 7:47:34 AM 8228 C:\WINDOWS\jnjvj.dll
web-nex 7/6/2005 7:47:34 AM 8228 C:\WINDOWS\jnjvj.dll
ad-w-a-r-e.com 7/6/2005 7:47:34 AM 8228 C:\WINDOWS\jnjvj.dll
PECompact2 9/29/2005 4:46:56 PM 15961855 C:\WINDOWS\LPT$VPN.865
qoologic 9/29/2005 4:46:56 PM 15961855 C:\WINDOWS\LPT$VPN.865
SAHAgent 9/29/2005 4:46:56 PM 15961855 C:\WINDOWS\LPT$VPN.865
UPX! 9/29/2005 6:54:10 AM 170053 C:\WINDOWS\tsc.exe
PECompact2 9/29/2005 4:46:56 PM 15961855 C:\WINDOWS\VPTNFILE.865
qoologic 9/29/2005 4:46:56 PM 15961855 C:\WINDOWS\VPTNFILE.865
SAHAgent 9/29/2005 4:46:56 PM 15961855 C:\WINDOWS\VPTNFILE.865
UPX! 9/29/2005 4:46:56 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 9/29/2005 4:46:56 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 7/18/2005 4:22:12 PM 59252 C:\WINDOWS\SYSTEM32\ansi.cfg
PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 10/4/2005 10:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/4/2005 10:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
SAHAgent 5/15/2005 11:56:40 AM 35 C:\WINDOWS\SYSTEM32\pnqg3pqt.ini
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
SAHAgent 6/30/2005 7:45:14 AM 3464 C:\WINDOWS\SYSTEM32\s29stt7o.ini
winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/26/2005 8:28:32 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/26/2005 9:32:42 PM H 0 C:\WINDOWS\INF\oem58.inf
9/27/2005 4:01:46 PM H 0 C:\WINDOWS\INF\oem61.inf
9/28/2005 2:56:48 PM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_18.cab
10/4/2005 9:17:40 PM S 21737 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 11:53:30 AM S 17402 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/9/2005 7:15:08 PM S 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
8/29/2005 9:25:44 PM S 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
10/26/2005 8:28:24 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/26/2005 8:28:52 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/26/2005 8:28:36 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/26/2005 8:29:46 AM H 65536 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/26/2005 8:28:40 AM H 1122304 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
10/14/2005 12:07:18 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
10/19/2005 7:33:32 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\cf298fd7-1ee8-455c-9c7a-a2ac6f223d17
10/19/2005 7:33:32 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/26/2005 8:27:40 AM H 6 C:\WINDOWS\Tasks\SA.DAT
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS00ADF175-3C04-4496-B771-707C63FE4821.tmp
10/15/2005 7:16:42 AM H 10 C:\WINDOWS\Temp\CS00DBAF55-51DD-46D4-BDCA-D42FCA60C93C.tmp
10/14/2005 7:59:16 AM H 108974 C:\WINDOWS\Temp\CS0107E9FD-92DD-4FF3-8B92-904FAA4B4B5B.tmp
10/16/2005 7:58:56 AM H 10 C:\WINDOWS\Temp\CS0191B46B-168B-409E-884B-3DDE3BCE6AB7.tmp
10/15/2005 7:16:42 AM H 10 C:\WINDOWS\Temp\CS019746A9-1DC5-4A14-BC65-F1E8A0D3AC22.tmp
10/15/2005 7:01:52 PM H 5464 C:\WINDOWS\Temp\CS01DA2FFF-19F3-4829-80BF-06D9B9C092B0.tmp
10/15/2005 7:16:42 AM H 120 C:\WINDOWS\Temp\CS02C90908-A51A-4D94-A6F6-3F3D98CB3F3E.tmp
10/14/2005 7:59:16 AM H 42302 C:\WINDOWS\Temp\CS04192207-FC6B-4490-BE29-E04089448B67.tmp
10/16/2005 3:39:38 PM H 10 C:\WINDOWS\Temp\CS04913C1B-83FF-4F3F-82CE-5BD3CBCF7599.tmp
10/15/2005 7:16:42 AM H 10 C:\WINDOWS\Temp\CS06CF98E2-7528-43D8-81F0-D96A59909F52.tmp
10/16/2005 3:39:38 PM H 10 C:\WINDOWS\Temp\CS07693C62-CC38-475E-AC41-CD274B5AE9D2.tmp
10/14/2005 2:42:06 PM H 32 C:\WINDOWS\Temp\CS07785D79-1C43-4E45-A041-04C6680E6166.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS077ACBD8-46B2-4EE1-8A50-84C0C83F08CD.tmp
10/16/2005 7:58:56 AM H 68 C:\WINDOWS\Temp\CS078AFA7A-EA22-4EF3-B53C-62A2214197B9.tmp
10/15/2005 7:16:42 AM H 50 C:\WINDOWS\Temp\CS07BB68DF-CA1E-47F5-9654-0F36E19462CB.tmp
10/10/2005 7:34:36 PM H 162 C:\WINDOWS\Temp\CS0818C7C8-A1A2-4F8B-B6C2-31E141DD6AAA.tmp
10/16/2005 7:58:56 AM H 10 C:\WINDOWS\Temp\CS0C73DC96-D874-4DEB-AA55-9D37BBE5D19A.tmp
10/14/2005 8:35:58 AM H 71346 C:\WINDOWS\Temp\CS0CDC3AC9-FC9D-420D-8725-CB73652BEFFE.tmp
10/16/2005 4:07:48 PM H 0 C:\WINDOWS\Temp\CS0CEF39BC-E287-475E-AB6D-E11BB332A8CF.tmp
10/16/2005 7:58:56 AM H 100 C:\WINDOWS\Temp\CS0D599F02-BF29-4DC5-9B92-52551945DCDA.tmp
10/16/2005 3:39:38 PM H 10 C:\WINDOWS\Temp\CS0D6546D5-057B-4E30-8FDD-6D12FD33B448.tmp
10/14/2005 6:11:50 PM H 1481806 C:\WINDOWS\Temp\CS0E23EB2F-FA01-4D2A-9B7D-CF07869F67E1.tmp
10/15/2005 7:16:42 AM H 0 C:\WINDOWS\Temp\CS0E3472F7-7EB5-470D-9813-8C2552B065AE.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS0E7D416E-0114-4AD3-B287-07270BDF3086.tmp
10/16/2005 7:58:56 AM H 10 C:\WINDOWS\Temp\CS0EA6B133-DDEC-4C0E-8412-315D3DEC0E72.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS0FEE74AF-6C7C-489B-BBFB-A650ACB9804B.tmp
10/14/2005 3:07:16 PM H 2016 C:\WINDOWS\Temp\CS10357C7E-FB71-4D88-A505-E7DC18E3171A.tmp
10/10/2005 5:21:10 PM H 0 C:\WINDOWS\Temp\CS10573726-84A1-4629-B38A-985C813EBA33.tmp
10/14/2005 6:11:56 PM H 710228 C:\WINDOWS\Temp\CS10912B7C-94DB-43C3-861A-7AC4385A76C0.tmp
10/16/2005 7:58:56 AM H 1184 C:\WINDOWS\Temp\CS110E22E1-A727-47BA-BA35-32009EF848F5.tmp
10/14/2005 8:35:58 AM H 140 C:\WINDOWS\Temp\CS118738A9-3536-4288-8037-0F0D11067552.tmp
10/16/2005 10:20:20 AM H 81580 C:\WINDOWS\Temp\CS119FA2E2-B7AA-4750-9330-BAFAA6576EDC.tmp
10/16/2005 3:39:38 PM H 10 C:\WINDOWS\Temp\CS1231B978-7599-418E-B7EA-A053C798B68A.tmp
10/16/2005 7:58:56 AM H 944 C:\WINDOWS\Temp\CS123D0448-A5B0-4667-B62F-995D29463635.tmp
10/10/2005 5:33:46 PM H 81580 C:\WINDOWS\Temp\CS126C377B-9DBA-4F97-8096-0157FFE2CC33.tmp
10/10/2005 7:34:36 PM H 42 C:\WINDOWS\Temp\CS131A093E-8120-43F8-A265-786FF65304DF.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS1331CC22-6BE2-4931-A305-812A9D4DE784.tmp
10/10/2005 5:21:10 PM H 1333462 C:\WINDOWS\Temp\CS1349659B-4BBD-4800-8259-86B5BE7F7DA5.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS13E4D618-B97A-47A7-A6A1-2F435FD52D5C.tmp
10/14/2005 2:42:06 PM H 240 C:\WINDOWS\Temp\CS140B3C40-27DD-4A7C-BDA7-D0A66DB17409.tmp
10/14/2005 8:35:58 AM H 2344062 C:\WINDOWS\Temp\CS142AAD4A-E92E-462F-8F30-8CAD5DC74186.tmp
10/14/2005 7:59:16 AM H 30 C:\WINDOWS\Temp\CS142F9813-BB05-4731-B209-98BA43C7E521.tmp
10/10/2005 7:34:36 PM H 196 C:\WINDOWS\Temp\CS146D0C56-6F64-424A-A8DD-A493813DB2FC.tmp
10/14/2005 5:03:28 PM H 1836 C:\WINDOWS\Temp\CS14D8004A-6BE3-4760-9A94-467549EF3D0F.tmp
10/10/2005 5:33:44 PM H 1836 C:\WINDOWS\Temp\CS157FA272-04C8-437A-AB70-CB0BE97C1741.tmp
10/16/2005 3:39:38 PM H 0 C:\WINDOWS\Temp\CS164AC8D7-0159-4091-ABEC-B30EF12C7093.tmp
10/14/2005 2:42:06 PM H 3429 C:\WINDOWS\Temp\CS166851B5-70FB-4EF6-9053-6BDA6BC04CF2.tmp
10/15/2005 7:16:42 AM H 68 C:\WINDOWS\Temp\CS1745B8BD-7550-4E0C-894F-26AFACADA040.tmp
10/15/2005 7:16:42 AM H 0 C:\WINDOWS\Temp\CS181BF80F-F7FC-4D54-B56A-1385A69292D6.tmp
10/10/2005 5:33:46 PM H 709248 C:\WINDOWS\Temp\CS1820D40B-35F1-4C7A-83AA-4D94567DE25A.tmp
10/16/2005 4:07:46 PM H 0 C:\WINDOWS\Temp\CS186961F7-EF23-4ACF-9465-850D253F3CFA.tmp
10/15/2005 7:16:42 AM H 114 C:\WINDOWS\Temp\CS19E325A4-1C58-47F9-A2A9-6564BB4FCB75.tmp
10/16/2005 4:07:48 PM H 1111012 C:\WINDOWS\Temp\CS1AE84598-4FA4-460D-B6E5-F88CB9F771AE.tmp
10/15/2005 7:01:52 PM H 140 C:\WINDOWS\Temp\CS1BFD7B1C-04BB-47AF-83FF-334EB4DF8E96.tmp
10/14/2005 8:35:58 AM H 3429 C:\WINDOWS\Temp\CS1DEE3852-6C4B-4901-B735-84305CD7E289.tmp
10/16/2005 7:58:56 AM H 120 C:\WINDOWS\Temp\CS1E1F0CED-EA10-410C-883B-DFF5B2BA9923.tmp
10/15/2005 7:16:42 AM H 10 C:\WINDOWS\Temp\CS1EB76B73-DC9E-46DC-9465-2A54A577F312.tmp
10/14/2005 7:59:16 AM H 5464 C:\WINDOWS\Temp\CS1EC0F7E6-2F04-45BB-A4B0-68BB2624A343.tmp
10/14/2005 3:07:16 PM H 240 C:\WINDOWS\Temp\CS1EDCD119-1EBC-4423-A7D7-A8E826ECC627.tmp
10/16/2005 10:20:20 AM H 360 C:\WINDOWS\Temp\CS1EDE668A-5462-49E1-AA51-5BBB73CA9F51.tmp
10/15/2005 7:16:42 AM H 48 C:\WINDOWS\Temp\CS2091B721-3539-478E-8031-BB22AC47EB1B.tmp
10/14/2005 6:11:54 PM H 81580 C:\WINDOWS\Temp\CS213113FB-B9F6-4CEE-9C1F-998D123E8052.tmp
10/16/2005 10:20:20 AM H 204 C:\WINDOWS\Temp\CS214DE76B-BF3B-4315-BE61-B877FD382E6B.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS2164978E-7A5C-42DA-A513-60073CE26028.tmp
10/14/2005 3:07:16 PM H 1513084 C:\WINDOWS\Temp\CS217545DB-CAF7-4868-8D97-7A6A1C2CD312.tmp
10/16/2005 7:58:56 AM H 848 C:\WINDOWS\Temp\CS220F4CB8-DF4C-49C5-A7A9-1E59F3083AC2.tmp
10/15/2005 7:16:42 AM H 0 C:\WINDOWS\Temp\CS2280F2ED-07A3-46DD-9C0A-9A9B6D35B87A.tmp
10/15/2005 9:54:30 PM H 709248 C:\WINDOWS\Temp\CS22EE9EBE-B24C-4FD4-9BB6-7AFC5C08C952.tmp
10/14/2005 7:59:16 AM H 1333462 C:\WINDOWS\Temp\CS25C44B45-E7B6-43C1-9B7B-8B6290D90746.tmp
10/10/2005 7:34:36 PM H 10 C:\WINDOWS\Temp\CS26007ABB-11F6-4941-9706-9EA7ACD4D048.tmp
10/14/2005 3:07:16 PM H 32 C:\WINDOWS\Temp\CS289F0D2B-C208-442C-B156-03D85CE03AB9.tmp
10/14/2005 7:59:16 AM H 0 C:\WINDOWS\Temp\CS28C523F8-DD22-4075-A583-557FF813761A.tmp
10/16/2005 7:58:56 AM H 196 C:\WINDOWS\Temp\CS294D495C-33D2-4BA0-A2C1-174FC7E935C1.tmp
10/14/2005 8:35:58 AM H 240 C:\WINDOWS\Temp\CS29F258E8-70CF-4262-8D9B-A12BBE68C669.tmp
10/16/2005 4:07:48 PM H 0 C:\WINDOWS\Temp\CS29F897C7-6308-4780-944D-30C1CB582634.tmp
10/16/2005 7:58:56 AM H 10 C:\WINDOWS\Temp\CS2A0FCE37-B8EF-4047-9162-696D3FD9E2B6.tmp
10/16/2005 3:39:38 PM H 50 C:\WINDOWS\Temp\CS2A21AD45-8AD8-4E59-A48D-8E5AD4157014.tmp
10/16/2005 7:58:56 AM H 10 C:\WINDOWS\Temp\CS2B29531C-C8DB-4F36-AA1A-67FC31292A74.tmp
10/16/2005 7:58:56 AM H 136 C:\WINDOWS\Temp\CS2B2AD78A-23F6-4B61-8EAC-630436CFA775.tmp
10/16/2005 7:58:
  • 0

Advertisements

#41
Dragon
Posted 26 October 2005 - 11:55 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
great news, we can get it completely cleaned up :tazz:


First,
Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold:

C:\RECYCLER\S-1-5-21-2448172095-1170726622-3096062353-1008
C:\WINDOWS\jnjvj.dll

reboot back to normal mode.

next under the primary sign on, which I assume is your sign on, do the following

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

After this is all done, please log into all the "infected" sign on screens one by one to see if ms Anti-spyware is still blocking any install attempts.

Edited by Efwis, 26 October 2005 - 11:56 AM.

  • 0

#42
mccartj4
Posted 27 October 2005 - 06:05 AM

mccartj4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
So far so good. Fingers crossed, it looks like everything is now ok. I'd like to try it out through the weekend when the kids will be active on the system and make sure there are no more problems, and I'll get back to you on Monday with the final results...
  • 0

#43
Dragon
Posted 27 October 2005 - 06:24 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
great, i anything happens before Monday feel free to let me know so we can get you fixed up.
  • 0

#44
mccartj4
Posted 31 October 2005 - 05:58 PM

mccartj4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok, everything seems to be fine now. We've been on for two or three days now with no probles to report. My family and I thank you for all your help.

--John
  • 0

#45
Dragon
Posted 31 October 2005 - 06:54 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
absolutely great news :tazz:

glad to hear we got this all straightened out for you.

I am now reclosing this topic.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP