My wife's co-worker has given us a laptop. It had a history of virii trouble of some sort, apparently in its checkered youth.
My intent is to use it to communicate with my wife vie Teamspeak while she is overseas on a four-month business trip. It has been working very well for several months, right up until a week before my wife left with the "good" laptop. I'd heard rumors of trouble from the two kids in the house, but as soon as my wife flew out of the country my niece informed me that she'd "been having trouble lately with MySpace and the Internet on the Compaq!"
Trouble as in Ceres ad popups, a missing file on boot-up (ccw32.dll ) that was associated with something called "Carbon Copy", constant lockup, and POR re-boots. Sex ads with amazingly graphic animations, ads for "adware removal tools", the works.
Joy. I had no idea it was this bad out there. I've been spoiled by my somewhat careful care of the "good" laptop! I let this one slide...
Before posting, I have spent the past five days completing the first four steps listed at "GeeksToGo: Before you post a HijackThis log!" I hope that I've covered most of it.
(It took three days just to get the machine to reliably boot. Fun stuff! )
Someone had done a partial uninstall of McAfee AntiVirus at some point. I should clean that up the rest of the way, but my skills are about a five on a 1-to-10 scale, and I have to be careful not to cause more trouble than I'm trying to cure.
I did install AVG anti-virus. I've run the full scan today, and I've also run the following crapware removal tools:
PanicWare's PopUpScanner (PopUpStopper has always been on this machine)
Spybot S&D
SpywareBlaster
Ad-Aware SE Personal
HijackThis
The only step I could not complete was the installation and use of CWShredder. (Missing dll file: oleacc.dll ) That, and the missing ccw32.dll file...
I have resisted the temptation to jump in and start deleting things without good advice, so I apologize if this listing is extensive to the point of idiotic.
Thank you for any time you might have for this!
- Pat Hough
The computer is a Compaq Presario 1690
64 MBytes RAM
AMD K6 processor
running Windows 98 ver 4.10.1998
Here's the HijackThis log:
- - - - - - - - - - - - - - - -
Logfile of HijackThis v1.99.1
Scan saved at 1:54:29 AM, on 5/31/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN\AUTOLAUNCH.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\XUJPIGL.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\CALC.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=enu
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.altavista...ort/runonce.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\SYSTEM\RSYNCMON.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\JUNO\TOOLBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [xujpigl] c:\windows\system\xujpigl.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\bwtray.exe
O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
- - - - - - - - - - - - - - - - -
...and here's the Panda ActiveScan report:
Incident Status Location
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\CFGMGR52.DLL
Virus:Trj/Imiserv.D Disinfected Operating system
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\SYSTEM\XUJPIGL.EXE
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\SYSTEM\RSYNCMON.DLL
Adware:Adware/Kingporn No disinfected C:\WINDOWS\SYSTEM\COMMCOSS.DLL
Adware:Adware/Twain-Tech No disinfected c:\WINDOWS\SYSTEM\XUJPIGL.EXE
Adware:Adware/SaveNow No disinfected C:\windows\TEMP\atf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
Spyware:Spyware/ShopNav No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/Apropos No disinfected C:\windows\TEMP\AutoUpdate0
Adware:Adware/WinTools No disinfected C:\windows\TEMP\down.cab
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\wrapperouter.exe
Adware:Adware/DealHelper No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\SYSTEM\246765-ventura-hot.exe
Adware:Adware/IEPlugin No disinfected C:\WINDOWS\systb.dll
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/ExactSearch No disinfected C:\windows\TEMP\installer_MARKETING??.exe
Adware:Adware/Kingporn No disinfected C:\WINDOWS\SYSTEM\commcoss.dll
Adware:Adware/Transponder No disinfected Windows Registry
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\SYSTEM\psoft1.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\SYSTEM\xujpigl.exe
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\SYSTEM\psoft1.exe
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\SYSTEM\installer_MARKETING18.exe
Adware:Adware/Kingporn No disinfected C:\WINDOWS\SYSTEM\COMMCOSS.DLL
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\SYSTEM\wrapperouter.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\SYSTEM\246765-ventura-hot.exe
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bs51-eginwl51-vb.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\SYSTEM\thin-94-1-x-x.exe
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\SYSTEM\InstallerV34.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Uxlkca.exe
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\SYSTEM\rsyncmon.dll
Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDow_AS2.exe
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\SYSTEM\netsync.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\dun.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Bjwhkp.exe
Virus:Trj/Downloader.BYZ Disinfected C:\WINDOWS\SYSTEM\dist001.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\cxtpls_loader.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\tpptvout.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\fintvt16.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\CERES.INF
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\TEMP\installer_MARKETING18.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\TEMP\ExtractDLL.dll
Adware:Adware/WinTools No disinfected C:\WINDOWS\TEMP\down.cab
Adware:Adware/MyWebSearch No disinfected C:\WINDOWS\TEMP\down.cab[WToolsB.dll]
Adware:Adware/MyWebSearch No disinfected C:\WINDOWS\TEMP\down.cab[WToolsA.exe]
Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab
Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab[ceres.dll]
Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab[spike.exe]
Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.dll
Adware:Adware/MyWebSearch No disinfected C:\WINDOWS\TEMP\WToolsB.dll
Adware:Adware/MyWebSearch No disinfected C:\WINDOWS\TEMP\WToolsA.exe
Adware:Adware/SaveNow No disinfected C:\WINDOWS\TEMP\auf0.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\auf1.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\AutoUpdate0\auto_update_install.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\TEMP\AutoUpdate0\setup.inf
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\cxtpls_loader.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32.ini
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\hoprcvdi.exe
Virus:Trj/Updagent.A Disinfected C:\Program Files\Internet Explorer\svchost.exe