
son's computer has a virus!

Discussion in 'Malware and Virus Removal Archive' started by oj0sverdes, 2008/08/16.

  1. 2008/08/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi oj0sverdes
    OK that was better.

    Now do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  2. 2008/08/20
    oj0sverdes

    oj0sverdes Inactive Thread Starter

    Joined:
    2006/12/07
    Messages:
    69
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, August 20, 2008
    Operating System: Microsoft Windows XP Professional (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, August 21, 2008 02:51:15
    Records in database: 1116274
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    Scan statistics
    Files scanned 52573
    Threat name 63
    Infected objects 168
    Suspicious objects 0
    Duration of the scan 01:10:18

    The selected area was scanned.


     

  4. 2008/08/20
    Geri Lifetime Subscription

    Hi
    OK now do this.
    Delete the CFScript you have on your Desktop

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Code:
    KillAll::
    File::
    C:\WINNT\system32\default.htm
    C:\WINNT\system32\L3DFF.tmp
    C:\WINNT\system32\LD5F1.tmp
    C:\WINNT\system32\peyacosj.dll
    C:\WINNT\system32\rkupginstaller.exe
    C:\WINNT\system32\twsbigxq.dll
    C:\WINNT\system32\wpicphbh.exe

    Now you need to do two virus scans, one to clean Norton's APTemp folder and then another Kaspersky scan.

    Please follow the instructions below to download and run the Norton Scanner. Make sure that no other applications are open after you download the file.

    1. Create a new folder on your desktop and name it "Norton Scanner."

    2. Using Internet Explorer, click on the link below to access the Norton Scanner. Choose "Save File" and save it to the Norton scanner folder on your Desktop.

    Norton Scanner

    3. Double-click on the "Norton Security Scan" file and save the extracted files to the folder you created on your desktop.

    4. When all of the files have been decompressed, double-click on the file "NSS" to launch the Norton Security Scanner.

    5. Read and accept the License agreement.

    6. Choose "Full System Scan" and then select "Start Scan." The scanner will then download the updated definition files and will scan all of the files on your computer. Please NOTE, depending on how many files are on your system, the scan may take a while. When the scan is complete, click on the "Action Required" tab and follow the instructions.

    Now open your Norton AntiVirus quarantine folder and delete anything that may be in it.

    Now do another Kaspersky scan and post the log.

    Also there is no need to quote the last posts, I can look back if I need to. :)

    Thanks
    Geri
     
  5. 2008/08/21
    oj0sverdes

    ComboFix 08-08-17.03 - Administrator 2008-08-21 23:32:27.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.761 [GMT -4:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINNT\system32\default.htm
    C:\WINNT\system32\L3DFF.tmp
    C:\WINNT\system32\LD5F1.tmp
    C:\WINNT\system32\peyacosj.dll
    C:\WINNT\system32\rkupginstaller.exe
    C:\WINNT\system32\twsbigxq.dll
    C:\WINNT\system32\wpicphbh.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINNT\system32\default.htm
    C:\WINNT\system32\L3DFF.tmp
    C:\WINNT\system32\LD5F1.tmp
    C:\WINNT\system32\peyacosj.dll
    C:\WINNT\system32\rkupginstaller.exe
    C:\WINNT\system32\twsbigxq.dll
    C:\WINNT\system32\wpicphbh.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
    .

    2008-08-17 16:23 . 2008-08-17 16:23 <DIR> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 05:13 --------- d-----w C:\Program Files\Common Files\Real
    2006-10-27 00:17 271 --sh--w C:\Program Files\desktop.ini
    2006-10-27 00:17 21,952 ---h--w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-18_ 0.59.55.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-18 04:56:20 16,384 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-22 03:35:13 16,384 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
    - 2008-08-18 04:56:20 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-08-22 03:35:13 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-08-18 04:56:20 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-22 03:35:13 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 07:51 68856]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14 1077277]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility "= "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 14:44 196608]
    "vptray "= "C:\Program Files\NavNT\vptray.exe" [2001-09-24 08:59 73728]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Synchronization Manager "= "mobsync.exe" [2001-08-23 12:00 135680 C:\WINNT\system32\mobsync.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2003-07-16 10:50 55296 C:\WINNT\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 07:51 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2001-08-23 12:00 209408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "= mmdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @= "Driver "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2001-08-02 08:14 1077277 C:\Program Files\Messenger\msmsgs.exe

    S3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-06-19 15:05]
    S3 viafilter;VIA USB Filter;C:\WINNT\System32\Drivers\viausb.sys [2003-06-18 16:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-22 C:\WINNT\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 12:23]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 23:35:58
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINNT\system32\winlogon.exe
    -> C:\WINNT\System32\NavLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\NavNT\defwatch.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-21 23:38:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-22 03:38:47
    ComboFix2.txt 2008-08-19 11:50:40
    ComboFix3.txt 2008-08-19 04:26:14
    ComboFix4.txt 2008-08-18 05:00:25

    Pre-Run: 74,446,807,040 bytes free
    Post-Run: 74,480,791,552 bytes free

    113 --- E O F --- 2008-08-21 02:20:30
     
  6. 2008/08/21
    oj0sverdes

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:51:36 PM, on 8/21/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm035LSUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161915113875
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165107153968
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

    --
    End of file - 6435 bytes
     
  7. 2008/08/22
    Geri Lifetime Subscription

    Hi oj0sverdes
    Did you do the 2 scans?

    I need to see the Kaspersky scan results.

    Thanks
    Geri
     
  8. 2008/08/22
    oj0sverdes

    Scan Status:

    Scan: 1

    Start Scan: 08/22/08 18:03:02

    Scan Targets: Running Processes;Entry Points;C:\

    Virus Definitions: 08/21/08

    Scan Count: 94809

    Risks Found: 1

    Risks resolved: 1

    Risks unresolved: 0

    Scan Time: 1017 sec

    Complete Scan: 08/22/08 18:20:00



    Resolved Threats:

    Tracking Cookie

    Virus ID: 4294909925

    Risk: Low

    Categories: Cookie

    State: Repaired

    -----------

    Cookie:

    Cookie:administrator@atdmt.com/

    Cookie:administrator@www.fandango.com/

    Cookie:administrator@tribalfusion.com/

    Cookie:administrator@a.fandango.com/

    Cookie:administrator@fandango.com/

    Cookie:administrator@advertising.com/

    Cookie:administrator@zedo.com/

    Cookie:administrator@ad.yieldmanager.com/

    Cookie:administrator@ads.revsci.net/adserver

    Cookie:administrator@casalemedia.com/







    Unresolved Threats:




    --------------------------------------------------------------------------
     
  9. 2008/08/22
    Geri Lifetime Subscription

    Hi oj0sverdes
    I don't think that was the Kaspersky scan.

    Please do it again.

    Geri
     
  10. 2008/08/22
    oj0sverdes

    Hi Geri, it wasn't the Kaspersky scan, that was the Norton scan. The Kaspersky is running right now; I'll post as soon as it's done.
     
  11. 2008/08/22
    Geri Lifetime Subscription

    OK Thanks
     
  12. 2008/08/22
    oj0sverdes

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, August 22, 2008
    Operating System: Microsoft Windows XP Professional (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, August 22, 2008 18:44:27
    Records in database: 1124860
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 57009
    Threat name: 34
    Infected objects: 117
    Suspicious objects: 0
    Duration of the scan: 01:10:21


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.dll Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lrz 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00DC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qre 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00DC0001.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00F00000.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00F00001.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\029C0000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\029C0001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\029C0002.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80000.VBN Infected: Trojan-Downloader.Win32.Homles.be 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02D00000.VBN Infected: Trojan-Downloader.Win32.Homles.be 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02D00001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.mef 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02F40000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02F40001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02F40002.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\046C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04780000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\047C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00006.VBN Infected: Trojan.Java.ClassLoader.as 3
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00007.VBN Infected: Trojan.Java.ClassLoader.as 3
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06B80000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06B80001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07840000.VBN Infected: Trojan-Downloader.Win32.Small.tod 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980000.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\079C0000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A00000.VBN Infected: Trojan-Downloader.Win32.Small.tod 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A00001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A00002.VBN Infected: Trojan-Downloader.Win32.Agent.ezc 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A40000.VBN Infected: not-a-virus:AdWare.Win32.Insider.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qov 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A40004.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80000.VBN Infected: Trojan-Downloader.Win32.Small.tod 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80002.VBN Infected: Trojan-Downloader.Win32.Small.tod 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07AC0000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07AC0001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B00000.VBN Infected: Trojan.Win32.BHO.bfl 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B00001.VBN Infected: Trojan-Downloader.Win32.Agent.cbx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B80000.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07BC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qpx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07CC0000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07CC0001.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00002.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00005.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00006.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00007.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00008.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D40002.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\089C0000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08A00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qov 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09240000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qre 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09300000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100000.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100001.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.mef 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100003.VBN Infected: Trojan-Downloader.Win32.Agent.cbx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100004.VBN Infected: Trojan-Downloader.Win32.Agent.cbx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100005.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100006.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100007.VBN Infected: Trojan-Downloader.Win32.Homles.be 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100008.VBN Infected: Trojan-Downloader.Win32.Homles.be 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100009.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C10000A.VBN Infected: not-virus:Hoax.Win32.Renos.bio 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C10000B.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C10000C.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0000.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0001.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0002.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0003.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0004.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0005.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0006.VBN Infected: Trojan-Downloader.Win32.Homles.bc 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0007.VBN Infected: Trojan-Downloader.Win32.Homles.bc 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0008.VBN Infected: Trojan.Win32.KillAV.rf 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0009.VBN Infected: Trojan.Win32.KillAV.rf 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C000A.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C000B.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C000C.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C000D.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C000E.VBN Infected: Trojan.Win32.KillAV.rf 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C000F.VBN Infected: Trojan.Win32.KillAV.rf 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0012.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.lrz 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0013.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0014.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0015.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0016.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0019.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C001A.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C001B.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C001C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C001D.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C001E.VBN Infected: Trojan.Win32.Monder.gen 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C001F.VBN Infected: Trojan-Downloader.Win32.Homles.bc 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0020.VBN Infected: Trojan-Downloader.Win32.Homles.bc 1
    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
    C:\QooBox\Quarantine\C\Documents and Settings\jc\UserData\EVSTUXMT\spymaxx_setup.exe.vir Infected: not-a-virus:FraudTool.Win32.SpyAway.g 1
    C:\QooBox\Quarantine\C\Program Files\Eroca\Eroca.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.i 1
    C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir Infected: not-a-virus:AdWare.Win32.FunWeb.e 1
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc 1
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
    C:\QooBox\Quarantine\C\Program Files\SpyMaxx\uninstall.exe.vir Infected: not-a-virus:FraudTool.Win32.SpyAway.g 1
    C:\QooBox\Quarantine\C\WINNT\system32\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b 1
    C:\QooBox\Quarantine\C\WINNT\system32\xfgsdfxr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.afvf 1

    The selected area was scanned.
     
  13. 2008/08/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi oj0sverdes
    I asked you to delete everything in Norton's quarantine folder. Is there a reason you did not do that?

    Please do so.

    After doing that then do this.
    Delete the CFScript on your Desktop.

    Then do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.dll
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.dll

    Now run another Kaspersky scan and post the log.

    Geri
     
  14. 2008/08/23
    oj0sverdes

    oj0sverdes Inactive Thread Starter

    Joined:
    2006/12/07
    Messages:
    69
    Likes Received:
    0
    Hi, how do you empty the quarantine folder? After I did the Norton scan, I clicked the attention needed tab and fixed whatever problems needed attention. After that there was a next tab and then it's done. I didn't see anything that said empty quarantine folder.
     
  15. 2008/08/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    I'm not sure how to get to Norton's quarantine folder; I don't use it.

    Try this.
    Open Norton Antivirus. From the View menu, choose Quarantine.
    Look for a Purge or Delete button.

    Or you may have to follow this path, open the quarantine folder, "select all" and then delete:

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine

    Geri
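
    As an added example (not part of the thread, and not code from Kaspersky, Symantec or ComboFix): a short Python triage of report lines in the format posted above, separating detections that sit inside the Norton and ComboFix quarantine stores from files still in place. The bucket names and the QooBox path mapping are assumptions inferred from the paths in the report.

```python
import re
from collections import defaultdict

# Four detection lines and the footer, copied from the Kaspersky report posted above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0015.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\QooBox\Quarantine\C\Program Files\SpyMaxx\uninstall.exe.vir Infected: not-a-virus:FraudTool.Win32.SpyAway.g 1
C:\QooBox\Quarantine\C\WINNT\system32\xfgsdfxr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.afvf 1
The selected area was scanned.
"""

# "<path> Infected: <verdict> <count>", the line shape used in the report.
LINE_RE = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)\s*$")
QOOBOX_RE = re.compile(
    r"^[A-Za-z]:\\QooBox\\Quarantine\\(?P<odrv>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$", re.I)

def classify(path):
    """Return (bucket, original_path_or_None) for one reported path."""
    m = QOOBOX_RE.match(path)
    if m:
        # Assumption read off the report's paths: the folder after Quarantine
        # is the source drive letter and ".vir" is appended to the file name.
        return "combofix_quarantine", f"{m['odrv']}:\\{m['rest']}"
    low = path.lower()
    if "\\symantec\\" in low and "\\quarantine\\" in low:
        return "norton_quarantine", None  # .VBN names do not reveal the origin
    return "live", None

def triage(report_text):
    """Group detections by where the flagged file currently sits."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and footers such as "The selected area was scanned."
        bucket, original = classify(m["path"])
        buckets[bucket].append(
            {"path": m["path"], "verdict": m["verdict"], "original": original})
    return dict(buckets)

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for h in hits:
            print(f"  {h['verdict']}  {h['original'] or h['path']}")
```

    Hits in the two quarantine buckets are copies already held by Norton or ComboFix; anything in the "live" bucket is still in place on disk.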
     