Vanishing IE browser loop


9 replies to this topic

#1 jphil0744

jphil0744

  • Members
  • 27 posts

Posted 09 October 2005 - 10:58 PM

Greetings

I am trying to repair a friend's ailing computer. After establishing a connection with dial-up, the IE browser will appear for 3 seconds, then disappear, followed by error messages. This will continue to repeat itself until I disconnect from the web.

They were getting error messages in what I believe was German, but I fixed that.

Earlier today I installed Ad-Aware and Spybot. Ad-Aware showed over 500 errors. Spybot would not finish its scan.

Any assistance would be great.

Thank you,

Jon

The HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 4:46:50 PM, on 5/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\VGVkIFMA\command.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Logitech\iTouch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\sysnet.exe
C:\WINDOWS\System32\0bf69on8.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\newsvinn.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\medgs1.exe
C:\WINDOWS\System32\gms2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\opr.exe
C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\system\scqgdt.exe
c:\windows\system32\putsdr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LCC Statewide Dialup Platform\dialer.exe
C:\Program Files\Internet Explorer\iexplore.exe
J:\Window First Aid\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lcc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [0bf69on8] C:\WINDOWS\System32\0bf69on8.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kdskgs.exe reg_run
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [0FmQ39O] newsvinn.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [002] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [GsAds] C:\WINDOWS\System32\gms2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [ncaysti] c:\windows\system32\putsdr.exe r
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download...MARKETING32.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0031.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

#2 P3-450

P3-450

    Malware Destroyer


  • Members
  • 139 posts
  • Location:Leeds, UK

Posted 10 October 2005 - 08:10 AM

Hi jphil0744, welcome to BC :thumbsup:

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot; click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.


For a final cleanup, please install and run Ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), close Ewido.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
When you are in Safe Mode, load up Ewido:
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please finish up by rebooting your system back into normal mode, and posting a new HijackThis log and the log from the Ewido scan. :flowers:
A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty. -Sir Winston Churchill

#3 jphil0744

jphil0744
  • Topic Starter

  • Members
  • 27 posts

Posted 11 October 2005 - 09:24 AM


#4 jphil0744

jphil0744
  • Topic Starter

  • Members
  • 27 posts

Posted 11 October 2005 - 09:43 AM

UPDATE:

So far, so good. Quite a bit of progress has been made. I am still getting some error messages, but the IE browser is functioning.

Here are copies of the latest logs:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:53:54 PM, 5/23/2005
+ Report-Checksum: F5C49FC1

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL\\AppID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5\CLSID\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\\AppID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\TypeLib\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAFAIE -> Adware.AFAEnhance : Cleaned with backup
HKU\S-1-5-21-4216122411-992773886-2817797201-1007\Software\DNS -> Adware.Shorty : Cleaned with backup
C:\FOUND.005\FILE0002.CHK -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\nsk13.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\wirelanb.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\uerkftir.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\0bf69on8.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\tjqtv96e.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\WINDOWS\system32\exp -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\system32\pop.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\nco2_32.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\qywqa.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\ddfdjsd.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\cqdcnmc.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\dkedn.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\medgs1.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\NNSCAA638.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\mmxdoubleexe.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\WINDOWS\system32\kdskgs.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\wyccug.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system\scqgdt.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\kjhnauq.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka63.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ptriqhnrib.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\besv23jt.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\VGVkIFMA\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
C:\WINDOWS\VGVkIFMA\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\offun.exe -> TrojanDownloader.VB.hw : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dcrd.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@buycom.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sarah Szymanski\Local Settings\Temp\327976_4324_3740_4708_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Sarah Szymanski\Local Settings\Temp\524582_1796_3740_5780_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\ptf_0029.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\pcs_0029.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\i25.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\labpengs.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\sysnet.exe -> TrojanDownloader.Agent.oa : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\197592_2668_3216_3648_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\66126_2460_1160_2628_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\328138_2460_1160_2644_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\MediaGateway2 -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\temp.exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\328586_3156_628_4016_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\res62.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\590358_2556_980_1080_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\66174_2420_980_2592_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\262566_3828_980_4032_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\656000_176_980_1732_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\393798_176_980_3332_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\590358_2556_980_1080_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Ted S\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Ted S\Local Settings\Temp\1442440_2556_980_2680_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\180SAInstallerAdPerform.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Ted S\Local Settings\Temp\180SAInstallerAdPerform.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Ted S\Local Settings\Temp\394022_2556_980_2960_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\524858_2556_980_2260_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\655760_1712_628_4020_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\459224_3080_604_3660_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\393766_1712_628_2256_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\jfghjfgudk.exe -> TrojanDownloader.IstBar.lq : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\721318_2504_376_3304_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\590172_2504_376_2796_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\656816_3840_952_1948_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\ptf_0009.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\393606_1912_1964_244_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\393864_804_1964_1536_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\590690_2728_1152_2824_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\temp.frEE64 -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\394408_3880_1772_3604_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\263132_308_1772_3212_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\197678_3880_1772_4008_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\262660_3880_1772_4032_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\328330_3880_1772_2252_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\262972_3880_1772_2524_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\590480_3880_1772_1768_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temp\14157010_3880_1772_988_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Ted S\Local Settings\Temporary Internet Files\Content.IE5\0DUNOFS3\trk_0021[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Ted S\Cookies\ted s@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kim S\Local Settings\Temp\66516_2004_960_3020_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Program Files\Common Files\rzzi\rzzia.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\rzzi\rzzil.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\rzzi\rzzim.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\rzzi\rzzip.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\mc-110-12-0000079.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Spyware.Pacer : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Cas\Client\casclient.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\Program Files\Aprps\CxtPls.exe -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\Program Files\180searchassistant -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_gdf.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmau.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_kyf.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\CMSystem\plugin.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CMSystem\CMSystem.exe -> Spyware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014907.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014919.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014920.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014925.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014930.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014932.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014941.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014946.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014947.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014949.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014951.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014955.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014959.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014964.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014968.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0014969.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0015964.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0015967.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0015968.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0016963.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0016966.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP51\A0016968.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP52\A0016979.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP52\A0016982.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP52\A0016983.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017984.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017985.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017986.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017988.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017989.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017990.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017997.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0017999.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018005.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018009.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018011.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018012.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018015.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018016.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018017.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018018.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018021.EXE -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018022.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018023.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018024.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018027.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018028.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018029.DLL -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018035.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018036.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018037.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018038.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018039.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018042.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018044.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018045.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0018047.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019032.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019033.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019034.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019035.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019037.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019039.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0019041.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020030.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020035.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020036.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020037.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020038.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020039.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020040.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020043.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020044.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020045.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020046.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020047.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020050.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020053.EXE -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020063.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020065.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020066.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020067.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020069.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020072.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020073.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020075.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020077.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020078.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020079.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020086.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP56\A0020093.EXE -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020104.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020106.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020107.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020108.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020109.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020112.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020113.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020119.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020120.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020121.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020124.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020125.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020127.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020128.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020130.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020132.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020133.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020134.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020147.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020148.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020149.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020150.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020151.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020153.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020155.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020156.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020158.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020160.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020163.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020164.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020165.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020177.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020180.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020181.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020182.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020183.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020185.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020186.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020188.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0020190.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021176.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021179.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021180.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021182.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021183.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021184.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021185.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0021187.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022176.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022179.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022181.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022182.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022183.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022184.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022186.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0022192.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023174.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023219.exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023222.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023223.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023224.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023226.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023227.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023228.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023231.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023232.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023233.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023234.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023236.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023237.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023238.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023240.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023242.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023243.EXE -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023245.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023246.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023247.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023248.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023249.exe -> Worm.Welchia.b : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023250.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023251.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023252.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023253.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023254.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023256.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023257.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023259.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023260.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023261.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023262.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023263.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023264.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023265.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023266.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023267.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023268.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023269.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023270.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023271.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023276.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023277.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023278.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023284.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023287.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023289.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023290.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023291.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023292.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023293.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP57\A0023302.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP59\A0023339.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP59\A0023340.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 4:12:14 PM, on 5/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmg

#5 P3-450

Posted 11 October 2005 - 01:04 PM

Hi

Your Hijackthis log was cut, can you run another scan and post back the log again :thumbsup:
A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty. -Sir Winston Churchill

#6 jphil0744

Posted 12 October 2005 - 03:04 PM

The rest of the HijackThis Log:

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:14 PM, on 5/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sjrsadq.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Logitech\iTouch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\gms2.exe
C:\WINDOWS\System32\opr.exe
C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\vtlftej.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system\drtg.exe
J:\Window First Aid\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lcc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [GsAds] C:\WINDOWS\System32\gms2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [vtlftej] C:\WINDOWS\vtlftej.exe
O4 - HKLM\..\Run: [AutoLoader0s5a1LTUUWXX] "C:\WINDOWS\System32\newsvinn.exe"
O4 - HKLM\..\Run: [0FmQ39O] newsvinn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0031.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sjrsadq.exe

#7 P3-450

Posted 12 October 2005 - 03:29 PM

Hi

===============

Go to Add/Remove programs and remove(uninstall) the following, if present:

NewDotNet

If it is not there, go here and follow Procedure 4: http://www.newdotnet.com/removal.html


===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\sjrsadq.exe
C:\WINDOWS\System32\gms2.exe
C:\WINDOWS\System32\opr.exe
C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\vtlftej.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.



===============



Next, Open a command prompt by:

1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).

-

Now, locate and 'stop' the following services, if present:

Windows Overlay Components owner ... (C:\WINDOWS\sjrsadq.exe)

Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.


===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u "C:\Program Files\CMSystem\plugin.dll"

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [GsAds] C:\WINDOWS\System32\gms2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [vtlftej] C:\WINDOWS\vtlftej.exe
O4 - HKLM\..\Run: [AutoLoader0s5a1LTUUWXX] "C:\WINDOWS\System32\newsvinn.exe"
O4 - HKLM\..\Run: [0FmQ39O] newsvinn.exe

O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)

O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0031.exe

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sjrsadq.exe


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\Program Files\NewDotNet
C:\Program Files\Freeprod Toolbar
C:\Program Files\CMSystem

files...

C:\WINDOWS\sjrsadq.exe
C:\WINDOWS\System32\gms2.exe
C:\WINDOWS\System32\opr.exe
C:\DOCUME~1\TEDS~1\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\vtlftej.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\System32\newsvinn.exe



Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============




Reboot back into normal mode


===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.


================


Run another Hijackthis scan and post back the new log :thumbsup:

#8 P3-450

Posted 19 October 2005 - 11:12 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.


Topic reopened

Edited by P3-450, 20 October 2005 - 11:10 AM.


#9 jphil0744

Posted 20 October 2005 - 11:33 AM

Hi,

The PC is working much better. Here is the new HJT log from last night. Thanks again for all your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:21:22 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Logitech\iTouch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system\drtg.exe
C:\Program Files\LCC Statewide Dialup Platform\dialer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
J:\Window First Aid\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lcc.edu/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D4A564-BA77-496E-A614-BF0A412B3334}: NameServer = 216.157.192.2 216.157.192.3
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe


I will be installing SpyBlaster on my next visit. His dial-up takes too long to download.

#10 P3-450

Posted 21 October 2005 - 12:00 PM

Hi

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============


1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of newdotnet6_38.dll.
5. Select every instance of newdotnet6_38.dll and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.


================


Please do the below

1) Go to START-RUN and type cmd and hit enter.
2) At the prompt, type in sc stop cmdservice and hit enter
3) Type in sc delete cmdservice and hit enter
4) Close that command window.


=================


Reboot and post back a fresh hijackthis log :thumbsup:
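The follow-up in post #10 targets entries that survived the first cleanup. As an added example that is not part of the original thread, the Python below diffs the earlier HijackThis log against the later one and lists surviving entries that HijackThis itself marks as pointing at a missing file. The log excerpts are copied from the two logs in this thread; the function names are illustrative.

```python
import re

# Excerpts from the thread's 5/23/2005 log (BEFORE) and 10/19/2005 log (AFTER).
# These are partial copies, not the full logs.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\gms2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lcc.edu/
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [GsAds] C:\WINDOWS\System32\gms2.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sjrsadq.exe
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lcc.edu/
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D4A564-BA77-496E-A614-BF0A412B3334}: NameServer = 216.157.192.2 216.157.192.3
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFMA\command.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers HijackThis prints when an entry's target no longer exists on disk.
ORPHAN = re.compile(
    r"\((?:file missing|no file)\)$|^Broken Internet access .* missing$", re.I
)


def parse_entries(log_text):
    """Map a case-folded entry line to (section, body), keeping log order."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            section, body = m.group(1), m.group(2).strip()
            # Windows paths are case-insensitive, so compare case-folded.
            entries[f"{section} - {body}".casefold()] = (section, body)
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added or persisting between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        "persisting": [after[k] for k in after if k in before],
    }


def orphaned(entries):
    """Entries whose registry data remains but whose file is gone."""
    return [(s, b) for s, b in entries if ORPHAN.search(b)]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for section, body in orphaned(result["persisting"]):
        print(f"still registered, file gone: {section} - {body}")
```

On these excerpts the persisting orphans are the O10 LSP entry and the cmdService O23 entry, the same two items post #10 handles with LSPFix and the service removal steps.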
