Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help with getting rid of AntiVirus Gold [RESOLVED]

Started by meercat , Jul 07 2005 09:56 PM

  • This topic is locked This topic is locked

#1
meercat
Posted 07 July 2005 - 09:56 PM

meercat

    Member

  • Member
  • PipPip
  • 12 posts
hi,
my computer has also been infected by this antivirus gold program and the azesearch program. the azsearch toolbar disappeared after i downloaded and initiated all the anri-ad warew programs that was suggested to be used before usinf highjackthis, however the antivirus program and desktop screen as well as the quick launch icon remains and keeps saying annoyin little messages like "u have been infected"
please help
here is my highjackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:45:45 AM, on 7/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\program files\180searchassistant\salm.exe
C:\WINDOWS\System32\qgui9vrv.exe
C:\WINDOWS\System32\humh.exe
C:\WINDOWS\System32\hookdump.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aamir Mansoor\Shared\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BPIEInterface Class - {B40A6610-1D16-11D3-80B2-005004994DA2} - C:\PROGRA~1\ICHOOSE\BPIECL~1.DLL
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [xmbahut] C:\WINDOWS\xmbahut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [qgui9vrv] C:\WINDOWS\System32\qgui9vrv.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\humh.exe reg_run
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async9x
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [bqzojud] C:\WINDOWS\bqzojud.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120265171473
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} - http://www.180search...com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  • 0

Advertisements

#2
Trevuren
Posted 07 July 2005 - 10:11 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi meercat and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren
  • 0

#3
meercat
Posted 07 July 2005 - 10:36 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i did as u said with the other hijackthis program and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:45 AM, on 7/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\program files\180searchassistant\salm.exe
C:\WINDOWS\System32\qgui9vrv.exe
C:\WINDOWS\System32\humh.exe
C:\WINDOWS\System32\hookdump.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Aim\aim.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BPIEInterface Class - {B40A6610-1D16-11D3-80B2-005004994DA2} - C:\PROGRA~1\ICHOOSE\BPIECL~1.DLL
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [xmbahut] C:\WINDOWS\xmbahut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [qgui9vrv] C:\WINDOWS\System32\qgui9vrv.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\humh.exe reg_run
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async9x
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [bqzojud] C:\WINDOWS\bqzojud.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120265171473
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} - http://www.180search...com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  • 0

#4
Trevuren
Posted 08 July 2005 - 11:38 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: BPIEInterface Class - {B40A6610-1D16-11D3-80B2-005004994DA2} - C:\PROGRA~1\ICHOOSE\BPIECL~1.DLL
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [xmbahut] C:\WINDOWS\xmbahut.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [qgui9vrv] C:\WINDOWS\System32\qgui9vrv.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\humh.exe reg_run
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [bqzojud] C:\WINDOWS\bqzojud.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} - http://www.180search...com/180saax.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab

Now using Windows Explorer, please DELETE the following files/folders (with all their content), if they still exist:

C:\program files\180searchassistant<==Folder
C:\WINDOWS\System32\qgui9vrv.exe
C:\WINDOWS\System32\humh.exe
azentretien.dll <== You will have to search for this one
C:\PROGRAM FILES\ICHOOSE\BPIECL~1.DLL
C:\WINDOWS\System32\azesearch4.ocx
C:\WINDOWS\xmbahut.exe
C:\Program Files\Media Access<==Folder
C:\WINDOWS\bqzojud.exe

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.


Regards,

Trevuren
  • 0

#5
meercat
Posted 11 July 2005 - 12:20 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
thank you for your help, as far as i can tell the AntivirusGold virus is gone.
here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:35 PM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [xmbahut] C:\WINDOWS\xmbahut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [qgui9vrv] C:\WINDOWS\System32\qgui9vrv.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\humh.exe reg_run
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async9x
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: rctr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120265171473
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

here is the eWido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:47:56 AM, 7/11/2005
+ Report-Checksum: 79F26BA2

+ Scan result:

C:\WINDOWS\SYSTEM32\ncun.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\ivni.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\undo\backup.cab/C:\WINDOWS\Start Menu\Programs\StartUp\rctr.exe -> TrojanDownloader.Qoologic.u : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\Desktop\cmb_260918.vxd -> Heuristic.Win32.Dialer : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\Application Data\lmrc.vxd -> Spyware.PurityScan : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\P2P Networking\p2p networking2.vxd -> Spyware.P2PNetworking : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.eXact : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\SYSTEM32\iasad.dll -> Spyware.AzeSearch : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\SYSTEM32\QaBar.dll -> Spyware.Hijacker.Generic : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rctr.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Documents and Settings\Default\Application Data\hpbt.exe -> Spyware.PurityScan : Cleaned with backup
:mozilla.5:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP11\A0000897.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001394.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001400.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001426.ocx -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001428.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001447.exe -> Spyware.WeirWeb : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001475.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001476.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001498.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001504.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001505.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001506.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001507.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001509.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001516.ocx -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001555.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001568.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001569.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001843.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001844.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001848.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001849.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001852.DLL -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001855.exe -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001856.dll -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001857.dll -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001858.exe -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001875.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001876.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001877.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001879.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001880.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001885.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001886.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002212.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002213.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002216.dll -> Trojan.TalkStocks.a : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002218.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002219.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002220.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002221.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002222.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002223.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002224.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002225.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002226.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002227.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002228.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002229.dll -> Trojan.Goldid : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002230.dll -> Trojan.Goldid : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002231.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002232.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002233.dll -> TrojanDropper.Noname.a : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002234.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002235.exe -> Trojan.Golid : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002236.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002237.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002238.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002239.exe -> TrojanDownloader.Small.cg : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002240.dll -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002241.exe -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002242.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002243.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002244.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002245.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002246.dll -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002247.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002250.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002251.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002252.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002253.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002254.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002258.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002259.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002260.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002261.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002320.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup


::Report End

and here is the smitRem log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:47:56 AM, 7/11/2005
+ Report-Checksum: 79F26BA2

+ Scan result:

C:\WINDOWS\SYSTEM32\ncun.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\ivni.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\undo\backup.cab/C:\WINDOWS\Start Menu\Programs\StartUp\rctr.exe -> TrojanDownloader.Qoologic.u : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\Desktop\cmb_260918.vxd -> Heuristic.Win32.Dialer : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\Application Data\lmrc.vxd -> Spyware.PurityScan : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\P2P Networking\p2p networking2.vxd -> Spyware.P2PNetworking : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.eXact : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\system\netut80ex.vxd/C:/WINDOWS/SYSTEM/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\SYSTEM32\iasad.dll -> Spyware.AzeSearch : Error during cleaning
C:\undo\backup.cab/C:\WINDOWS\SYSTEM32\QaBar.dll -> Spyware.Hijacker.Generic : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rctr.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Documents and Settings\Default\Application Data\hpbt.exe -> Spyware.PurityScan : Cleaned with backup
:mozilla.5:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\manso003\7w2n83jr.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP11\A0000897.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001394.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001400.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001426.ocx -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001428.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001447.exe -> Spyware.WeirWeb : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001475.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001476.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001498.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001504.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001505.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001506.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001507.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001509.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001516.ocx -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP17\A0001555.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001568.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001569.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001843.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001844.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001848.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001849.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001852.DLL -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001855.exe -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001856.dll -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001857.dll -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001858.exe -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001875.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001876.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001877.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001879.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001880.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001885.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP18\A0001886.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002212.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002213.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002216.dll -> Trojan.TalkStocks.a : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002218.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002219.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002220.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002221.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002222.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002223.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002224.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002225.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002226.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002227.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002228.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002229.dll -> Trojan.Goldid : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002230.dll -> Trojan.Goldid : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002231.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002232.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002233.dll -> TrojanDropper.Noname.a : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002234.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002235.exe -> Trojan.Golid : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002236.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002237.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002238.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002239.exe -> TrojanDownloader.Small.cg : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002240.dll -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002241.exe -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002242.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002243.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002244.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002245.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002246.dll -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002247.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002250.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002251.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002252.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002253.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002254.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002258.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002259.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002260.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002261.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{07B72A25-53D0-48D5-ADB8-096C3371FE4F}\RP22\A0002320.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup


::Report End

once again thank you very much.
  • 0

#6
meercat
Posted 11 July 2005 - 12:22 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i had one other question, would it be ok for me to uninstall all the antivirus programs except avg???
  • 0

#7
Trevuren
Posted 11 July 2005 - 03:47 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Not yet, your system is still heavily infected with other stuff.


Trevuren
  • 0

#8
Trevuren
Posted 11 July 2005 - 03:53 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Please RUN HijackThis.
. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [xmbahut] C:\WINDOWS\xmbahut.exe
O4 - HKLM\..\Run: [qgui9vrv] C:\WINDOWS\System32\qgui9vrv.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\humh.exe reg_run
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - Global Startup: rctr.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab



Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode

*Restart the computer.
*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.


Using Windows Explorer, locate the following files/folders (and all their content), and DELETE them (if they are present):

azentretien.dll<===You will have to search for this one
c:\program files\180searchassistant<===Folder
C:\WINDOWS\System32\azesearch4.ocx [/B
C:\WINDOWS\xmbahut.exe
C:\WINDOWS\System32\qgui9vrv.exe
C:\Program Files\Media Access<===Folder
C:\WINDOWS\System32\humh.exe
C:\Program Files\AntivirusGold<===Folder
C:\WINDOWS\System32\hookdump.exe
rctr.exe<===You will have to search for this one

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everytjhing looks now.

[b]Regards,

Trevuren
  • 0

#9
meercat
Posted 11 July 2005 - 07:32 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
all of the items that u told me to put a check next to in HJT aren't there after the scan is complete. also i looked for the files that u wanted me to delete and none of them exist either. what should i do next?
  • 0

#10
Trevuren
Posted 11 July 2005 - 07:36 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please post a nw HJT log. Thanks


Trevuren
  • 0

Advertisements

#11
meercat
Posted 11 July 2005 - 09:21 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:15:23 PM, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async9x
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120265171473
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

#12
Trevuren
Posted 11 July 2005 - 09:34 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
One last deletion. Then please tell me how everything is working.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Please RUN HijackThis.
. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode

*Restart the computer.
*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.


Using Windows Explorer, locate the following file, and DELETE it (if it is still present):

C:\Program Files\Media Gateway<===Folder and its content

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everytjhing looks now.

Regards,

Trevuren
  • 0

#13
meercat
Posted 12 July 2005 - 06:27 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i did as u said, here is the new HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 7:21:25 PM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dvdupgrd.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async9x
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120265171473
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe


what should i do next?
  • 0

#14
Trevuren
Posted 12 July 2005 - 06:40 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
One last thing, please do a search for this file using the Windows Search function:

systray.exe

Rightclick on every instance of the file found and check that it if it is a Microsoft file. If you find one that isn't, write down its location and post both the location and its description back into this thread.

If nothing abnormal is found, please post that fact and we will commence final but essential cleanup procedures.


Regards,


Trevuren
  • 0

#15
meercat
Posted 12 July 2005 - 08:03 PM

meercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
how can u tell if the file is a microsoft file?
two files appeared
one of them is named sytray.exe and its location is C:\WINDOWS\SYSTEM32
ans the other one is named SYSTRAY.EXE-345DCC1C.pf and its location is C:\WINDOWS\Prefetch
i am not sure how to check if it is a microsoft file
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP